CVE-2023-25751: Code Injection
First published: Tue Mar 14 2023(Updated: )
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/firefox | <0:102.9.0-3.el7_9 | 0:102.9.0-3.el7_9 |
| redhat/thunderbird | <0:102.9.0-1.el7_9 | 0:102.9.0-1.el7_9 |
| redhat/firefox | <0:102.9.0-3.el8_7 | 0:102.9.0-3.el8_7 |
| redhat/thunderbird | <0:102.9.0-1.el8_7 | 0:102.9.0-1.el8_7 |
| redhat/thunderbird | <0:102.9.0-2.el8_1 | 0:102.9.0-2.el8_1 |
| redhat/firefox | <0:102.9.0-4.el8_1 | 0:102.9.0-4.el8_1 |
| redhat/thunderbird | <0:102.9.0-2.el8_2 | 0:102.9.0-2.el8_2 |
| redhat/firefox | <0:102.9.0-4.el8_2 | 0:102.9.0-4.el8_2 |
| redhat/firefox | <0:102.9.0-4.el8_4 | 0:102.9.0-4.el8_4 |
| redhat/thunderbird | <0:102.9.0-2.el8_4 | 0:102.9.0-2.el8_4 |
| redhat/firefox | <0:102.9.0-3.el8_6 | 0:102.9.0-3.el8_6 |
| redhat/thunderbird | <0:102.9.0-1.el8_6 | 0:102.9.0-1.el8_6 |
| redhat/firefox | <0:102.9.0-3.el9_1 | 0:102.9.0-3.el9_1 |
| redhat/thunderbird | <0:102.9.0-1.el9_1 | 0:102.9.0-1.el9_1 |
| redhat/firefox | <0:102.9.0-3.el9_0 | 0:102.9.0-3.el9_0 |
| redhat/thunderbird | <0:102.9.0-1.el9_0 | 0:102.9.0-1.el9_0 |
| Mozilla Thunderbird | <102.9 | 102.9 |
| Mozilla Firefox ESR | <102.9 | 102.9 |
| redhat/firefox | <102.9 | 102.9 |
| redhat/thunderbird | <102.9 | 102.9 |
| Mozilla Firefox | <111 | 111 |
| Mozilla Firefox | <111.0 | |
| Mozilla Firefox ESR | <102.9 | |
| Mozilla Thunderbird | <102.9 | |
| ubuntu/firefox | <111.0+ | 111.0+ |
| ubuntu/firefox | <111.0+ | 111.0+ |
| ubuntu/mozjs102 | <102.11.0-0ubuntu0.22.04.1 | 102.11.0-0ubuntu0.22.04.1 |
| ubuntu/mozjs102 | <102.11.0-0ubuntu0.22.10.1 | 102.11.0-0ubuntu0.22.10.1 |
| ubuntu/mozjs102 | <102.11.0-0ubuntu0.23.04.1 | 102.11.0-0ubuntu0.23.04.1 |
| ubuntu/thunderbird | <1:102.9.0+ | 1:102.9.0+ |
| ubuntu/thunderbird | <1:102.9.0+ | 1:102.9.0+ |
| ubuntu/thunderbird | <1:102.9.0+ | 1:102.9.0+ |
| ubuntu/thunderbird | <1:102.9.0+ | 1:102.9.0+ |
| debian/firefox | 129.0-1 | |
| debian/firefox-esr | 115.12.0esr-1~deb11u1 115.13.0esr-1~deb11u1 115.12.0esr-1~deb12u1 115.13.0esr-1~deb12u1 115.13.0esr-2 115.14.0esr-1 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:115.13.0-1~deb11u1 1:115.12.0-1~deb12u1 1:115.13.0-1~deb12u1 1:115.13.0-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.mozilla.org/security/advisories/mfsa2023-11/
- https://www.mozilla.org/security/advisories/mfsa2023-10/
- https://www.mozilla.org/security/advisories/mfsa2023-09/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1814899
- https://www.cve.org/CVERecord?id=CVE-2023-25751 https://nvd.nist.gov/vuln/detail/CVE-2023-25751 https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25751 https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25751
- https://bugzilla.redhat.com/show_bug.cgi?id=2178458
- https://access.redhat.com/errata/RHSA-2023:1333
- https://access.redhat.com/errata/RHSA-2023:1401
- https://access.redhat.com/errata/RHSA-2023:1336
- https://access.redhat.com/errata/RHSA-2023:1403
- https://access.redhat.com/errata/RHSA-2023:1442
- https://access.redhat.com/errata/RHSA-2023:1479
- https://access.redhat.com/errata/RHSA-2023:1443
- https://access.redhat.com/errata/RHSA-2023:1445
- https://access.redhat.com/errata/RHSA-2023:1444
- https://access.redhat.com/errata/RHSA-2023:1472
- https://access.redhat.com/errata/RHSA-2023:1367
- https://access.redhat.com/errata/RHSA-2023:1404
- https://access.redhat.com/errata/RHSA-2023:1337
- https://access.redhat.com/errata/RHSA-2023:1407
- https://access.redhat.com/errata/RHSA-2023:1364
- https://access.redhat.com/errata/RHSA-2023:1402
- https://access.redhat.com/security/cve/cve-2023-25751
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/
- https://launchpad.net/bugs/cve/CVE-2023-25751
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28164
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25751
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25751
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25751
- https://security-tracker.debian.org/tracker/CVE-2023-25751
- https://ubuntu.com/security/notices/USN-5954-1
- https://ubuntu.com/security/notices/USN-5972-1
- https://ubuntu.com/security/notices/USN-6120-1
- https://www.cve.org/CVERecord?id=CVE-2023-25751
- https://nvd.nist.gov/vuln/detail/CVE-2023-25751
- https://ubuntu.com/security/CVE-2023-25751
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2023-25751?
The severity of CVE-2023-25751 is high (7).
Which products are affected by CVE-2023-25751?
Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9 are affected by CVE-2023-25751.
How can I fix CVE-2023-25751 in Firefox?
You can fix CVE-2023-25751 in Firefox by updating to version 111 or higher.
How can I fix CVE-2023-25751 in Firefox ESR?
You can fix CVE-2023-25751 in Firefox ESR by updating to version 102.9 or higher.
How can I fix CVE-2023-25751 in Thunderbird?
You can fix CVE-2023-25751 in Thunderbird by updating to version 102.9 or higher.
- collector/nvd-latest
- collector/redhat-cve
- collector/mozilla-advisory
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- source/Mozilla
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-25751
- agent/severity
- agent/weakness
- agent/description
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox esr
- canonical/mozilla firefox
- package-manager/ubuntu
- package-manager/debian