Main Vulnerability Database Vulnerabilities #VU73678

Information disclosure in Mozilla Firefox and Firefox for Android - CVE-2023-25750

Published: March 14, 2023

Vulnerability identifier: #VU73678

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-25750

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox
Firefox for Android

Detailed vulnerability description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified error, which can cause the ServiceWorker's offline cache to be leaked to the file system when using private browsing mode. As a result, an attacker can gain unauthorized access to sensitive information on the system.

How to mitigate CVE-2023-25750

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/

Information disclosure in Mozilla Firefox and Firefox for Android - CVE-2023-25750

Detailed vulnerability description

How to mitigate CVE-2023-25750

Sources

Please verify you're human