CVE-2023-23597
Advisory lineage: Upstream: 0, Downstream: 4
Modified
Published: 02 Jun 2023, 00:00
Last modified: 18 Dec 2025, 15:23
Vulnerability Summary
Overall Risk (default): medium, 26/100
CVSS Score: 6.5 MEDIUM, v3.1 (nvd)
EPSS Score: 0.15% LOW (0% probability, +0.08%)
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
02 Jun 2023, 00:00: Published. Vulnerability first disclosed
18 Dec 2025, 15:23: Last Modified. Vulnerability information updated
Description
A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.
CVSS Metrics
- v3.1 • MEDIUM • Score: 6.5 • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Trends
Current EPSS score: 0.15% • Percentile: 35%
Techniques & Countermeasures
- CWE-326 • Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Affected Systems
- mozilla • firefox: < 109.0 (≥ unspecified, < 109)