What is CVE-2023-29535?

CVE-2023-29535 is a vulnerability in Firefox, Focus for Android, and Firefox ESR that allows for memory corruption and potentially exploitable crashes.

Which software versions are affected by CVE-2023-29535?

Firefox versions prior to 112, Focus for Android versions prior to 112, and Firefox ESR versions prior to 102.10 are affected by CVE-2023-29535.

How can CVE-2023-29535 be exploited?

CVE-2023-29535 can be exploited by accessing weak maps before they are correctly traced, resulting in memory corruption and potentially exploitable crashes.

What is the severity of CVE-2023-29535?

CVE-2023-29535 has a severity level of high, with a CVSS score of 7.

How can I fix CVE-2023-29535?

To fix CVE-2023-29535, update Firefox to version 112 or later, Focus for Android to version 112 or later, or Firefox ESR to version 102.10 or later.

Vulnerability/
CVE-2023-29535

medium

6.5

11/4/2023

2/6/2023

2/8/2024

CVE-2023-29535

First published: Tue Apr 11 2023(Updated: )

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash.

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox ESR	<102.10	102.10
Mozilla Thunderbird	<102.10	102.10
Mozilla Firefox	<112	112
All of
Mozilla Firefox	=112
Google Android
All of
Mozilla Focus	=112
Google Android
Mozilla Firefox	<112.0
Mozilla Firefox	<112.0
Mozilla Firefox ESR	<102.10
Mozilla Focus	<112.0
Mozilla Thunderbird	<102.10
debian/firefox		131.0-1
debian/firefox-esr		115.14.0esr-1~deb11u1 128.3.0esr-1~deb11u2 115.14.0esr-1~deb12u1 128.3.0esr-1~deb12u1 115.15.0esr-1 128.3.0esr-2
debian/thunderbird		1:115.12.0-1~deb11u1 1:115.15.0-1~deb11u1 1:115.12.0-1~deb12u1 1:115.15.0-1~deb12u1 1:128.2.0esr-1 1:128.3.0esr-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2023-29535?
CVE-2023-29535 is a vulnerability in Firefox, Focus for Android, and Firefox ESR that allows for memory corruption and potentially exploitable crashes.
Which software versions are affected by CVE-2023-29535?
Firefox versions prior to 112, Focus for Android versions prior to 112, and Firefox ESR versions prior to 102.10 are affected by CVE-2023-29535.
How can CVE-2023-29535 be exploited?
CVE-2023-29535 can be exploited by accessing weak maps before they are correctly traced, resulting in memory corruption and potentially exploitable crashes.
What is the severity of CVE-2023-29535?
CVE-2023-29535 has a severity level of high, with a CVSS score of 7.
How can I fix CVE-2023-29535?
To fix CVE-2023-29535, update Firefox to version 112 or later, Focus for Android to version 112 or later, or Firefox ESR to version 102.10 or later.

collector/nvd-latest
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/mozilla-advisory
agent/software-canonical-lookup-request
agent/type
agent/author
source/Mozilla
agent/software-canonical-lookup
agent/severity
collector/nvd-cve
source/NVD
collector/nvd-index
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/usn-cve
source/Ubuntu
collector/security-tracker-debian
source/Debian
agent/references
agent/description
agent/softwarecombine
agent/tags
agent/event
agent/trending
vendor/mozilla
canonical/mozilla firefox esr
canonical/mozilla thunderbird
canonical/mozilla firefox
version/mozilla firefox/112
vendor/google
canonical/google android
canonical/mozilla focus
version/mozilla focus/112
package-manager/debian