Main Vulnerability Database Vulnerabilities #VU71229

#VU71229 Incorrect Regular Expression in Mozilla Firefox and Firefox for Android - CVE-2023-23603

Published: January 17, 2023

Vulnerability identifier: #VU71229

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-23603

CWE-ID: CWE-185

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to usage of an incorrect regular expression when filtering out forbidden properties and values from style directives in calls to console.log. A remote attacker can exfiltrate data from the victim's browser.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/