Rewterz Threat Advisory – CVE-2023-20010 – Cisco Unified Communications Manager Vulnerability
January 19, 2023Rewterz Threat Advisory – CVE-2022-47990 – IBM AIX Vulnerability
January 19, 2023Severity
Medium
Analysis Summary
CVE-2023-23606 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-23604 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to account for external URLs by regular expressions used to filter out forbidden properties and values from style directives in calls to console.log. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to exfiltrate data from the browser.
CVE-2023-23603 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to correctly apply Content Security Policy to WebSockets in WebWorkers. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to lead to connections to restricted origins from inside WebWorkers.
CVE-2023-23602 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by navigations being allowed when dragging a URL from a cross-origin iframe into the same tab. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct spoofing attacks.
CVE-2023-23601 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by navigations being allowed when dragging a URL from a cross-origin iframe into the same tab. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to conduct spoofing attacks.
CVE-2023-23600 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the incorrect storing of origin notification permissions. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to display notifications during different browsing sessions.
CVE-2023-23599 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the improper validation of output when copying a network request from the developer tools panel as a curl command. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to allow arbitrary commands to be hidden within.
CVE-2023-23597 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a logic bug in process allocation. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to read arbitrary files on the system.
CVE-2023-23598 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the use of text/plain for a GTK drag and drop on Linux. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability using a call to DataTransfer.setData to read arbitrary files on the system.
CVE-2023-23605 CVSS:8.8
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the use of text/plain for a GTK drag and drop on Linux. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability using a call to DataTransfer.setData to read arbitrary files on the system.
Impact
- Code Execution
- Security Bypass
- Gain Access
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-23606
- CVE-2023-23604
- CVE-2023-23603
- CVE-2023-23602
- CVE-2023-23601
- CVE-2023-23600
- CVE-2023-23599
- CVE-2023-23597
- CVE-2023-23598
- CVE-2023-23605
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox 108
- Mozilla Firefox ESR 102.6
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.