CVE-2023-25731

Published: Jun 2, 2023Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.

Affected (1)

Products: Mozilla: Firefox

Mozilla

1 product

Firefox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 110.0

Related CWEs

CWE-1284

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References (5)

https://bugzilla.mozilla.org/show_bug.cgi?id=1801542

Source: security@mozilla.org

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2023-05/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1801542

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2023-05/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1801542

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Issue TrackingPermissions Required

Timeline

No history available yet.