{"api_version":"1","generated_at":"2026-04-23T06:21:32+00:00","cve":"CVE-2023-25752","urls":{"html":"https://cve.report/CVE-2023-25752","api":"https://cve.report/api/cve/CVE-2023-25752.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-25752","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-25752"},"summary":{"title":"CVE-2023-25752","description":"When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2023-06-02 17:15:00","updated_at":"2023-06-09 18:40:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-09/","name":"https://www.mozilla.org/security/advisories/mfsa2023-09/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Firefox 111 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-10/","name":"https://www.mozilla.org/security/advisories/mfsa2023-10/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Firefox ESR 102.9 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-11/","name":"https://www.mozilla.org/security/advisories/mfsa2023-11/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Thunderbird 102.9 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811627","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811627","refsource":"MISC","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-25752","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25752","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"25752","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25752","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"25752","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-25752","qid":"160509","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2023-1333)"},{"cve":"CVE-2023-25752","qid":"160510","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2023-1336)"},{"cve":"CVE-2023-25752","qid":"160513","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2023-1337)"},{"cve":"CVE-2023-25752","qid":"160518","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-1401)"},{"cve":"CVE-2023-25752","qid":"160520","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-1403)"},{"cve":"CVE-2023-25752","qid":"160522","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-1407)"},{"cve":"CVE-2023-25752","qid":"181632","title":"Debian Security Update for firefox-esr (DLA 3364-1)"},{"cve":"CVE-2023-25752","qid":"181636","title":"Debian Security Update for thunderbird (DLA 3365-1)"},{"cve":"CVE-2023-25752","qid":"181658","title":"Debian Security Update for firefox-esr (DSA 5374-1)"},{"cve":"CVE-2023-25752","qid":"181671","title":"Debian Security Update for thunderbird (DSA 5375-1)"},{"cve":"CVE-2023-25752","qid":"184801","title":"Debian Security Update for firefox-esrthunderbird (CVE-2023-25752)"},{"cve":"CVE-2023-25752","qid":"199242","title":"Ubuntu Security Notification for Firefox Vulnerabilities (USN-5954-1)"},{"cve":"CVE-2023-25752","qid":"199253","title":"Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5972-1)"},{"cve":"CVE-2023-25752","qid":"241272","title":"Red Hat Update for firefox (RHSA-2023:1336)"},{"cve":"CVE-2023-25752","qid":"241273","title":"Red Hat Update for firefox (RHSA-2023:1333)"},{"cve":"CVE-2023-25752","qid":"241275","title":"Red Hat Update for firefox (RHSA-2023:1337)"},{"cve":"CVE-2023-25752","qid":"241276","title":"Red Hat Update for firefox (RHSA-2023:1367)"},{"cve":"CVE-2023-25752","qid":"241278","title":"Red Hat Update for firefox (RHSA-2023:1364)"},{"cve":"CVE-2023-25752","qid":"241283","title":"Red Hat Update for thunderbird (RHSA-2023:1404)"},{"cve":"CVE-2023-25752","qid":"241284","title":"Red Hat Update for thunderbird (RHSA-2023:1403)"},{"cve":"CVE-2023-25752","qid":"241286","title":"Red Hat Update for thunderbird (RHSA-2023:1402)"},{"cve":"CVE-2023-25752","qid":"241287","title":"Red Hat Update for thunderbird (RHSA-2023:1407)"},{"cve":"CVE-2023-25752","qid":"241288","title":"Red Hat Update for thunderbird (RHSA-2023:1401)"},{"cve":"CVE-2023-25752","qid":"241289","title":"Red Hat Update for firefox (RHSA-2023:1444)"},{"cve":"CVE-2023-25752","qid":"241294","title":"Red Hat Update for thunderbird (RHSA-2023:1472)"},{"cve":"CVE-2023-25752","qid":"241597","title":"Red Hat Update for firefox (RHSA-2023:1479)"},{"cve":"CVE-2023-25752","qid":"241608","title":"Red Hat Update for firefox (RHSA-2023:1445)"},{"cve":"CVE-2023-25752","qid":"241654","title":"Red Hat Update for thunderbird (RHSA-2023:1443)"},{"cve":"CVE-2023-25752","qid":"241670","title":"Red Hat Update for thunderbird (RHSA-2023:1442)"},{"cve":"CVE-2023-25752","qid":"257232","title":"CentOS Security Update for firefox (CESA-2023:1333)"},{"cve":"CVE-2023-25752","qid":"354816","title":"Amazon Linux Security Advisory for thunderbird : ALAS2-2023-1988"},{"cve":"CVE-2023-25752","qid":"356287","title":"Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-004"},{"cve":"CVE-2023-25752","qid":"378071","title":"Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2023-10)"},{"cve":"CVE-2023-25752","qid":"378072","title":"Mozilla Firefox Multiple Vulnerabilities (MFSA2023-09)"},{"cve":"CVE-2023-25752","qid":"378084","title":"Mozilla Thunderbird Multiple Vulnerabilities (MFSA2023-11)"},{"cve":"CVE-2023-25752","qid":"503456","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2023-25752","qid":"506064","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2023-25752","qid":"710735","title":"Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202305-36)"},{"cve":"CVE-2023-25752","qid":"710739","title":"Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202305-35)"},{"cve":"CVE-2023-25752","qid":"753768","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0728-1)"},{"cve":"CVE-2023-25752","qid":"753800","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0763-1)"},{"cve":"CVE-2023-25752","qid":"753830","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:0835-1)"},{"cve":"CVE-2023-25752","qid":"940960","title":"AlmaLinux Security Update for firefox (ALSA-2023:1336)"},{"cve":"CVE-2023-25752","qid":"940961","title":"AlmaLinux Security Update for firefox (ALSA-2023:1337)"},{"cve":"CVE-2023-25752","qid":"940963","title":"AlmaLinux Security Update for thunderbird (ALSA-2023:1403)"},{"cve":"CVE-2023-25752","qid":"940965","title":"AlmaLinux Security Update for thunderbird (ALSA-2023:1407)"},{"cve":"CVE-2023-25752","qid":"960884","title":"Rocky Linux Security Update for firefox (RLSA-2023:1336)"},{"cve":"CVE-2023-25752","qid":"960887","title":"Rocky Linux Security Update for thunderbird (RLSA-2023:1407)"},{"cve":"CVE-2023-25752","qid":"960888","title":"Rocky Linux Security Update for thunderbird (RLSA-2023:1403)"},{"cve":"CVE-2023-25752","qid":"960898","title":"Rocky Linux Security Update for firefox (RLSA-2023:1337)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-25752","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_value":"111","version_affected":"<"}]}},{"product_name":"Firefox ESR","version":{"version_data":[{"version_value":"102.9","version_affected":"<"}]}},{"product_name":"Thunderbird","version":{"version_data":[{"version_value":"102.9","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Potential out-of-bounds when accessing throttled streams"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-09/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-09/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-10/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-10/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-11/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-11/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811627","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1811627"}]},"description":{"description_data":[{"lang":"eng","value":"When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9."}]}},"nvd":{"publishedDate":"2023-06-02 17:15:00","lastModifiedDate":"2023-06-09 18:40:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"111.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionEndExcluding":"102.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"102.9","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}