{"api_version":"1","generated_at":"2026-04-23T06:19:36+00:00","cve":"CVE-2023-25738","urls":{"html":"https://cve.report/CVE-2023-25738","api":"https://cve.report/api/cve/CVE-2023-25738.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-25738","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-25738"},"summary":{"title":"CVE-2023-25738","description":"Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2023-06-02 17:15:00","updated_at":"2023-06-08 16:10:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","name":"https://www.mozilla.org/security/advisories/mfsa2023-05/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Firefox 110 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811852","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811852","refsource":"MISC","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","name":"https://www.mozilla.org/security/advisories/mfsa2023-06/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Firefox ESR 102.8 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","name":"https://www.mozilla.org/security/advisories/mfsa2023-07/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Thunderbird 102.8 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-25738","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25738","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"25738","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25738","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25738","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25738","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-25738","qid":"377975","title":"Mozilla Firefox Multiple Vulnerabilities (MFSA2023-05)"},{"cve":"CVE-2023-25738","qid":"377976","title":"Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2023-06)"},{"cve":"CVE-2023-25738","qid":"377993","title":"Mozilla Thunderbird Multiple Vulnerabilities (MFSA2023-07)"},{"cve":"CVE-2023-25738","qid":"503455","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2023-25738","qid":"506063","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2023-25738","qid":"710735","title":"Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202305-36)"},{"cve":"CVE-2023-25738","qid":"710739","title":"Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202305-35)"},{"cve":"CVE-2023-25738","qid":"753724","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0461-1)"},{"cve":"CVE-2023-25738","qid":"753729","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0466-1)"},{"cve":"CVE-2023-25738","qid":"753731","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0469-1)"},{"cve":"CVE-2023-25738","qid":"754204","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0469-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-25738","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_value":"110","version_affected":"<"}]}},{"product_name":"Thunderbird","version":{"version_data":[{"version_value":"102.8","version_affected":"<"}]}},{"product_name":"Firefox ESR","version":{"version_data":[{"version_value":"102.8","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Printing on Windows could potentially crash Firefox with some device drivers"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811852","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811852"}]},"description":{"description_data":[{"lang":"eng","value":"Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8."}]}},"nvd":{"publishedDate":"2023-06-02 17:15:00","lastModifiedDate":"2023-06-08 16:10:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"110.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionEndExcluding":"102.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"102.8","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}