CVE-2023-4578

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 11, 2023

Updated: Sep 14, 2023

CWE ID 770

Summary

CVE-2023-4578 is a vulnerability affecting Firefox versions prior to 117, Firefox ESR before 115.2, and Thunderbird before 115.2. In these software editions, a flaw in `JS::CheckRegExpSyntax` function allows for the mismanagement of memory allocation during syntax error handling. If memory cannot be allocated when required, an Out of Memory exception should be triggered. However, this exception is instead mishandled as a syntax error. This error condition can potentially be exploited by malicious actors to execute arbitrary code.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sfauhO
https://www.cve.org/CVERecord?id=CVE-2023-4578
https://nvd.nist.gov/vuln/detail/CVE-2023-4578

Back to Vulnerability Database

CVE-2023-4578

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations