CVE-2023-32214
First published: Tue May 09 2023(Updated: )
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | <102.11 | 102.11 |
| <113 | 113 | |
| <102.11 | 102.11 | |
| <102.11 | 102.11 | |
| All of | ||
| Any of | ||
| Mozilla Firefox | <113.0 | |
| Mozilla Firefox ESR | <102.11 | |
| Mozilla Thunderbird | <102.11 | |
| Microsoft Windows | ||
| Mozilla Firefox | <113.0 | |
| Mozilla Firefox ESR | <102.11 | |
| Mozilla Thunderbird | <102.11 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1828716
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://security.gentoo.org/glsa/202312-03
- https://security.gentoo.org/glsa/202401-10
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32215
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-32214.
How can this vulnerability be exploited?
This vulnerability can be exploited by leveraging the protocol handlers ms-cxh and ms-cxh-full to trigger a denial of service.
Which operating systems are affected by this vulnerability?
This vulnerability only affects Windows. Other operating systems are not affected.
What is the severity level of this vulnerability?
The severity of this vulnerability is low.
How can I fix this vulnerability?
To fix this vulnerability, update Mozilla Thunderbird to version 102.11, Mozilla Firefox to version 113, or Mozilla Firefox ESR to version 102.11.
- collector/mozilla-advisory
- collector/nvd-index
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/type
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- source/Mozilla
- agent/software-canonical-lookup
- agent/description
- agent/event
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox
- canonical/mozilla firefox esr
- vendor/microsoft
- canonical/microsoft windows