CVE-2023-25745
First published: Tue Feb 14 2023(Updated: )
Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <110 | 110 |
| Mozilla Firefox | <110.0 | |
| ubuntu/firefox | <110.0+ | 110.0+ |
| ubuntu/firefox | <110.0+ | 110.0+ |
| ubuntu/firefox | <110.0-1 | 110.0-1 |
| debian/firefox | 129.0-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1688592%2C1797186%2C1804998%2C1806521%2C1813284
- https://www.mozilla.org/security/advisories/mfsa2023-05/
- https://launchpad.net/bugs/cve/CVE-2023-25745
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745
- https://security-tracker.debian.org/tracker/CVE-2023-25745
- https://ubuntu.com/security/notices/USN-5880-1
- https://www.cve.org/CVERecord?id=CVE-2023-25745
- https://nvd.nist.gov/vuln/detail/CVE-2023-25745
- https://ubuntu.com/security/CVE-2023-25745
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2023-25745?
CVE-2023-25745 is a vulnerability that involves memory safety bugs present in Firefox 109.
What is the severity of CVE-2023-25745?
The severity of CVE-2023-25745 is high with a severity value of 7.
Which software is affected by CVE-2023-25745?
Mozilla Firefox versions up to and including 110, Ubuntu Firefox packages up to and including version 110.0-1, and Debian Firefox packages with version 117.0.1-1 are affected by CVE-2023-25745.
How can CVE-2023-25745 be exploited?
CVE-2023-25745 could potentially be exploited to run arbitrary code.
Where can I find more information about CVE-2023-25745?
You can find more information about CVE-2023-25745 at the following references: [Bugzilla](https://bugzilla.mozilla.org/buglist.cgi?bug_id=1688592%2C1797186%2C1804998%2C1806521%2C1813284), [Mozilla Security Advisories](https://www.mozilla.org/security/advisories/mfsa2023-05/), [Launchpad](https://launchpad.net/bugs/cve/CVE-2023-25745).
- collector/nvd-latest
- agent/type
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox
- package-manager/ubuntu
- package-manager/debian