What is CVE-2023-25738?

CVE-2023-25738 is a vulnerability that affects Firefox on Windows, allowing for out-of-bounds access to variables due to invalid values in the DEVMODEW struct set by the printer device driver.

How does CVE-2023-25738 impact users?

CVE-2023-25738 may lead to browser crashes, arbitrary code execution, or potential exploitation of other vulnerabilities.

Which versions of Firefox are affected by CVE-2023-25738?

Firefox versions up to and excluding 110 are affected by CVE-2023-25738.

How can I fix CVE-2023-25738?

Update your Firefox browser to version 110 or higher to address CVE-2023-25738.

Where can I find more information about CVE-2023-25738?

You can find more information about CVE-2023-25738 on the Mozilla Security Advisories: MFSA2023-05 and MFSA2023-07, as well as the bug report on Bugzilla.

Vulnerability/
CVE-2023-25738

medium

6.5

CWE

125

14/2/2023

2/6/2023

2/8/2024

CVE-2023-25738

First published: Tue Feb 14 2023(Updated: )

Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
	<110	110
	<102.8	102.8
Mozilla Thunderbird	<102.8	102.8
	<102.8	102.8
Mozilla Firefox	<110.0
Mozilla Firefox ESR	<102.8
Mozilla Thunderbird	<102.8
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2023-25738?
CVE-2023-25738 is a vulnerability that affects Firefox on Windows, allowing for out-of-bounds access to variables due to invalid values in the DEVMODEW struct set by the printer device driver.
How does CVE-2023-25738 impact users?
CVE-2023-25738 may lead to browser crashes, arbitrary code execution, or potential exploitation of other vulnerabilities.
Which versions of Firefox are affected by CVE-2023-25738?
Firefox versions up to and excluding 110 are affected by CVE-2023-25738.
How can I fix CVE-2023-25738?
Update your Firefox browser to version 110 or higher to address CVE-2023-25738.
Where can I find more information about CVE-2023-25738?
You can find more information about CVE-2023-25738 on the Mozilla Security Advisories: MFSA2023-05 and MFSA2023-07, as well as the bug report on Bugzilla.

collector/nvd-latest
collector/mozilla-advisory
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
source/Mozilla
agent/software-canonical-lookup
agent/event
agent/author
agent/description
agent/severity
agent/references
agent/weakness
agent/software-canonical-lookup-request
agent/tags
collector/nvd-index
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla thunderbird
canonical/mozilla firefox esr
canonical/mozilla firefox
vendor/microsoft
canonical/microsoft windows