Headline
CVE-2023-37209: Invalid Bug ID
A use-after-free condition existed in NotifyOnHistoryReload
where a LoadingSessionHistoryEntry
object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.
Sorry, I can’t find "1837993?cve=title". It does not seem like bug number nor an alias to a bug.
Please press Back and try again.
Related news
Gentoo Linux Security Advisory 202401-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. Versions greater than or equal to 115.6.0:esr are affected.
Ubuntu Security Notice 6201-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Martin Hostettler discovered that Firefox did not properly block storage of all cookies when configured. An attacker could potentially exploits this issue to store tracking data without permission in localstorage.
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.