๐Ÿ” CVE Alert

CVE-2023-23604

MEDIUM 6.5

Creation of duplicate SystemPrincipal from less secure contexts

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th

A duplicate `SystemPrincipal` object could be created when parsing a non-system html document via `DOMParser::ParseFromSafeString`. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109.

Vendor mozilla
Product firefox
Ecosystems
Industries
Technology
Published Jun 2, 2023
Last Updated Dec 18, 2025
Stay Ahead of the Next One

Get instant alerts for mozilla firefox

Be the first to know when new medium vulnerabilities affecting mozilla firefox are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Mozilla / Firefox
unspecified < 109

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=1802346 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2023-01/

Credits

Nika Layzell