CVE-2023-25735

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Jun 2, 2023
Updated: Jan 9, 2025
CWE ID: 416

Summary

CVE-2023-25735 is a cross-compartment wrapper vulnerability that affects Firefox versions below 110, Thunderbird versions below 102.8, and Firefox ESR versions below 102.8. This issue allows objects from other compartments to be stored in the main compartment when using scripted proxies. Once the proxy is unwrapped, these objects may result in a use-after-free vulnerability, potentially leading to arbitrary code execution or memory corruption. Attackers could exploit this flaw by tricking users into visiting malicious websites or opening compromised emails, allowing them to execute malicious code on the victim's system. Users should update their browsers and email clients to the latest versions to mitigate this risk.
