First published: Tue Apr 11 2023(Updated: )
Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <112 | 112 |
All of | ||
Mozilla Firefox | =112 | |
Google Android | ||
All of | ||
Mozilla Focus | =112 | |
Google Android | ||
Mozilla Firefox | <112.0 | |
Mozilla Firefox | <112.0 | |
Mozilla Focus | <112.0 | |
ubuntu/firefox | <112.0+ | 112.0+ |
ubuntu/firefox | <112.0+ | 112.0+ |
ubuntu/firefox | <112.0-1 | 112.0-1 |
debian/firefox | 129.0-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2023-29549 is a vulnerability that could result in the incorrect realm when calling the bind function in certain circumstances, potentially creating a vulnerability in JavaScript-implemented sandboxes such as SES.
CVE-2023-29549 affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVE-2023-29549 has a low severity.
To fix CVE-2023-29549, you should update to Firefox version 112.0 or newer.
You can find more information about CVE-2023-29549 at the following references: [Mozilla Security Advisory](https://www.mozilla.org/security/advisories/mfsa2023-13/), [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1823042), and [Launchpad](https://launchpad.net/bugs/cve/CVE-2023-29549).