CVE-2023-23597

Upstream information

CVE-2023-23597 at MITRE

Description

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the <code>file://</code> context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.

SUSE information

Overall state of this security issue: New

This issue is currently rated as having not set severity.

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`MozillaFirefox >= 109.0-1.1` `MozillaFirefox-branding-upstream >= 109.0-1.1` `MozillaFirefox-devel >= 109.0-1.1` `MozillaFirefox-translations-common >= 109.0-1.1` `MozillaFirefox-translations-other >= 109.0-1.1`	Patchnames: openSUSE Tumbleweed GA MozillaFirefox-109.0-1.1

SUSE Timeline for this CVE

CVE page created: Sat Jan 21 01:25:50 2023
CVE page last modified: Fri Jun 2 22:05:25 2023

CVE-2023-23597

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

SUSE Timeline for this CVE

Business-Critical Linux

Enterprise Container Management

Edge

Solutions

Industries

Support

Services

Resources

Partners

Communities

About