{"api_version":"1","generated_at":"2026-04-23T06:08:30+00:00","cve":"CVE-2023-25731","urls":{"html":"https://cve.report/CVE-2023-25731","api":"https://cve.report/api/cve/CVE-2023-25731.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-25731","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-25731"},"summary":{"title":"CVE-2023-25731","description":"Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2023-06-02 17:15:00","updated_at":"2023-06-08 15:47:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","name":"https://www.mozilla.org/security/advisories/mfsa2023-05/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Firefox 110 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1801542","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1801542","refsource":"MISC","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-25731","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25731","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"25731","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-25731","qid":"199184","title":"Ubuntu Security Notification for Firefox Vulnerabilities (USN-5880-1)"},{"cve":"CVE-2023-25731","qid":"354801","title":"Amazon Linux Security Advisory for thunderbird : ALAS2-2023-1983"},{"cve":"CVE-2023-25731","qid":"356258","title":"Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-007"},{"cve":"CVE-2023-25731","qid":"356471","title":"Amazon Linux Security Advisory for firefox : ALAS2FIREFOX-2023-007"},{"cve":"CVE-2023-25731","qid":"377975","title":"Mozilla Firefox Multiple Vulnerabilities (MFSA2023-05)"},{"cve":"CVE-2023-25731","qid":"710739","title":"Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202305-35)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-25731","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_value":"110","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Prototype pollution when rendering URLPreview"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1801542","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1801542"}]},"description":{"description_data":[{"lang":"eng","value":"Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110."}]}},"nvd":{"publishedDate":"2023-06-02 17:15:00","lastModifiedDate":"2023-06-08 15:47:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"110.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}