๐Ÿ” CVE Alert

CVE-2023-23597

UNKNOWN 0.0

Logic bug in process allocation allowed to read arbitrary files

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.

Vendor mozilla
Product firefox
Ecosystems
Industries
Technology
Published Jun 2, 2023
Last Updated Dec 18, 2025
Stay Ahead of the Next One

Get instant alerts for mozilla firefox

Be the first to know when new unknown vulnerabilities affecting mozilla firefox are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Mozilla / Firefox
unspecified < 109

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=1538028 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2023-01/

Credits

Niklas Baumstark