CVE-2023-37209

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 5, 2023

Updated: Jan 7, 2024

CWE ID 416

Summary

CVE-2023-37209 is a use-after-free vulnerability affecting Firefox versions below 115. In the `NotifyOnHistoryReload` function, a `LoadingSessionHistoryEntry` object is freed, but a reference to this object remains. Subsequently, this reference is reused, leading to a potentially exploitable condition. Exploitation could result in arbitrary code execution or other malicious activities. Users are advised to update Firefox to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r0x1CN
https://www.cve.org/CVERecord?id=CVE-2023-37209
https://nvd.nist.gov/vuln/detail/CVE-2023-37209

Back to Vulnerability Database

CVE-2023-37209

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations