CVE-2023-29549
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jun 2, 2023
Updated: Jan 10, 2025
CWE ID 326
Summary
CVE-2023-29549 is a vulnerability affecting Firefox for Android versions below 112, Firefox below 112, and Focus for Android below 112. It arises when the <code>bind</code> function is called under specific conditions, resulting in an incorrect realm assignment. This issue poses a risk to JavaScript-implemented sandboxes, including SES, potentially allowing unintended code execution or data access. Firefox and Focus users are advised to update to the latest versions to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share