Upstream information

CVE-2023-23597 at MITRE


A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.

SUSE information

Overall state of this security issue: New

This issue is currently rated as having not set severity.

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • MozillaFirefox >= 109.0-1.1
  • MozillaFirefox-branding-upstream >= 109.0-1.1
  • MozillaFirefox-devel >= 109.0-1.1
  • MozillaFirefox-translations-common >= 109.0-1.1
  • MozillaFirefox-translations-other >= 109.0-1.1
openSUSE Tumbleweed GA MozillaFirefox-109.0-1.1

SUSE Timeline for this CVE

CVE page created: Sat Jan 21 01:25:50 2023
CVE page last modified: Fri Jun 2 22:05:25 2023