CVE-2023-25752

Public on 2023-03-15

Modified on 2024-02-07

Description

The Mozilla Foundation describes this issue as follows:

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable.

Severity

Medium

See what this means

CVSS v3 Base Score

6.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Firefox Extra	firefox	2023-08-21 21:01	ALAS2FIREFOX-2023-004
Amazon Linux 2 - Core	thunderbird	2023-03-17 16:34	ALAS2-2023-1988

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD	CVSSv3	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

Red Hat: CVE-2023-25752 Mitre: CVE-2023-25752 FAQs regarding Amazon Linux ALAS/CVE Severity