Vulnerabilities > CVE-2023-25747 - Use After Free vulnerability in Mozilla Firefox

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

mozilla

CWE-416

NVD

Published: 2023-06-19

Updated: 2023-06-27

Summary

A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox 80.0 Mozilla Firefox 83.0 Mozilla Firefox 84.0 Mozilla Firefox 84.1.3 Mozilla Firefox 92.0 Mozilla Firefox 104.0	6

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.mozilla.org/security/advisories/mfsa2023-08/
https://bugzilla.mozilla.org/show_bug.cgi?id=1815801