CVE-2023-29548 - Vulnerability Details

Vendors	Products
Mozilla	Firefox Firefox Esr Focus Thunderbird
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
firefox-0:102.10.0-1.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:1791	2023-04-14T00:00:00Z
thunderbird-0:102.10.0-2.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:1806	2023-04-17T00:00:00Z
Red Hat Enterprise Linux 8
firefox-0:102.10.0-1.el8_7	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:1787	2023-04-14T00:00:00Z
thunderbird-0:102.10.0-2.el8_7	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:1802	2023-04-17T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
firefox-0:102.10.0-1.el8_1	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:1792	2023-04-14T00:00:00Z
thunderbird-0:102.10.0-2.el8_1	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:1803	2023-04-17T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
firefox-0:102.10.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:1789	2023-04-14T00:00:00Z
thunderbird-0:102.10.0-2.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:1805	2023-04-17T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
firefox-0:102.10.0-1.el8_2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:1789	2023-04-14T00:00:00Z
thunderbird-0:102.10.0-2.el8_2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:1805	2023-04-17T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
firefox-0:102.10.0-1.el8_2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:1789	2023-04-14T00:00:00Z
thunderbird-0:102.10.0-2.el8_2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:1805	2023-04-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
firefox-0:102.10.0-1.el8_4	cpe:/a:redhat:rhel_eus:8.4	RHSA-2023:1790	2023-04-14T00:00:00Z
thunderbird-0:102.10.0-2.el8_4	cpe:/a:redhat:rhel_eus:8.4	RHSA-2023:1804	2023-04-17T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
firefox-0:102.10.0-1.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:1788	2023-04-14T00:00:00Z
thunderbird-0:102.10.0-2.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:1811	2023-04-17T00:00:00Z
Red Hat Enterprise Linux 9
firefox-0:102.10.0-1.el9_1	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:1786	2023-04-14T00:00:00Z
thunderbird-0:102.10.0-2.el9_1	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:1809	2023-04-17T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
firefox-0:102.10.0-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:1785	2023-04-14T00:00:00Z
thunderbird-0:102.10.0-2.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:1810	2023-04-17T00:00:00Z

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1822754
https://nvd.nist.gov/vuln/detail/CVE-2023-29548
https://www.cve.org/CVERecord?id=CVE-2023-29548
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29548
https://www.mozilla.org/security/advisories/mfsa2023-13/
https://www.mozilla.org/security/advisories/mfsa2023-14/
https://www.mozilla.org/security/advisories/mfsa2023-15/

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-29548", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2025-01-10T19:16:42.014Z", "dateReserved": "2023-04-07T00:00:00", "datePublished": "2023-06-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-06-02T00:00:00"}, "descriptions": [{"lang": "en", "value": "A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"version": "unspecified", "lessThan": "112", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Focus for Android", "versions": [{"version": "unspecified", "lessThan": "112", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"version": "unspecified", "lessThan": "102.10", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox for Android", "versions": [{"version": "unspecified", "lessThan": "112", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"version": "unspecified", "lessThan": "102.10", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822754"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Incorrect optimization result on ARM64"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:14:38.874Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822754", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-10T19:16:05.923866Z", "id": "CVE-2023-29548", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-10T19:16:42.014Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-29548 (string)

assignerOrgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

assignerShortName : mozilla (string)

dateUpdated : 2025-01-10T19:16:42.014Z (string)

dateReserved : 2023-04-07T00:00:00 (string)

datePublished : 2023-06-02T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

shortName : mozilla (string)

dateUpdated : 2023-06-02T00:00:00 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. (string)

}

]

affected : [ »

0 : { »

vendor : Mozilla (string)

product : Firefox (string)

versions : [ »

0 : { »

version : unspecified (string)

lessThan : 112 (string)

status : affected (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : Mozilla (string)

product : Focus for Android (string)

versions : [ »

0 : { »

version : unspecified (string)

lessThan : 112 (string)

status : affected (string)

versionType : custom (string)

}

]

}

2 : { »

vendor : Mozilla (string)

product : Firefox ESR (string)

versions : [ »

0 : { »

version : unspecified (string)

lessThan : 102.10 (string)

status : affected (string)

versionType : custom (string)

}

]

}

3 : { »

vendor : Mozilla (string)

product : Firefox for Android (string)

versions : [ »

0 : { »

version : unspecified (string)

lessThan : 112 (string)

status : affected (string)

versionType : custom (string)

}

]

}

4 : { »

vendor : Mozilla (string)

product : Thunderbird (string)

versions : [ »

0 : { »

version : unspecified (string)

lessThan : 102.10 (string)

status : affected (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-15/ (string)

}

1 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-14/ (string)

}

2 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-13/ (string)

}

3 : { »

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1822754 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : Incorrect optimization result on ARM64 (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T14:14:38.874Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-15/ (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-14/ (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-13/ (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1822754 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

lang : en (string)

description : CWE-noinfo Not enough information (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 6.5 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : REQUIRED (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : NONE (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-01-10T19:16:05.923866Z (string)

id : CVE-2023-29548 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-01-10T19:16:42.014Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822754", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:14:38.874Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-29548", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-10T19:16:05.923866Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-10T19:16:34.461Z"}}], "cna": {"affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "112", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Focus for Android", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "112", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "102.10", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox for Android", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "112", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "102.10", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822754"}], "descriptions": [{"lang": "en", "value": "A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Incorrect optimization result on ARM64"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-06-02T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-29548", "state": "PUBLISHED", "dateUpdated": "2025-01-10T19:16:42.014Z", "dateReserved": "2023-04-07T00:00:00", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2023-06-02T00:00:00", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-15/ (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-14/ (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-13/ (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1822754 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T14:14:38.874Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 6.5 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : REQUIRED (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : NONE (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-29548 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-01-10T19:16:05.923866Z (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

description : CWE-noinfo Not enough information (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-01-10T19:16:34.461Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : Mozilla (string)

product : Firefox (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 112 (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : Mozilla (string)

product : Focus for Android (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 112 (string)

versionType : custom (string)

}

]

}

2 : { »

vendor : Mozilla (string)

product : Firefox ESR (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 102.10 (string)

versionType : custom (string)

}

]

}

3 : { »

vendor : Mozilla (string)

product : Firefox for Android (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 112 (string)

versionType : custom (string)

}

]

}

4 : { »

vendor : Mozilla (string)

product : Thunderbird (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 102.10 (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-15/ (string)

}

1 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-14/ (string)

}

2 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-13/ (string)

}

3 : { »

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1822754 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : Incorrect optimization result on ARM64 (string)

}

]

}

]

providerMetadata : { »

orgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

shortName : mozilla (string)

dateUpdated : 2023-06-02T00:00:00 (string)

}

cveMetadata : { »

cveId : CVE-2023-29548 (string)

state : PUBLISHED (string)

dateUpdated : 2025-01-10T19:16:42.014Z (string)

dateReserved : 2023-04-07T00:00:00 (string)

assignerOrgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

datePublished : 2023-06-02T00:00:00 (string)

assignerShortName : mozilla (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE", "versionEndExcluding": "112.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*", "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D", "versionEndExcluding": "112.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587", "versionEndExcluding": "102.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:*", "matchCriteriaId": "296D52A2-6FE3-4667-AC75-D01A0043776F", "versionEndExcluding": "112.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72", "versionEndExcluding": "102.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10."}], "id": "CVE-2023-29548", "lastModified": "2025-01-10T20:15:29.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-06-02T17:15:12.880", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822754"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-14/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-15/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822754"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-14/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-15/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8C6578F4-B46C-473F-8A17-CA6026C32FBE (string)

versionEndExcluding : 112.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:* (string)

matchCriteriaId : 216F0EFA-865A-45F5-B50F-B734312ED45D (string)

versionEndExcluding : 112.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 03736567-251A-4F75-992E-AB7C957FB587 (string)

versionEndExcluding : 102.10 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:mozilla:focus:*:*:*:*:*:android:*:* (string)

matchCriteriaId : 296D52A2-6FE3-4667-AC75-D01A0043776F (string)

versionEndExcluding : 112.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72 (string)

versionEndExcluding : 102.10 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. (string)

}

]

id : CVE-2023-29548 (string)

lastModified : 2025-01-10T20:15:29.247 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

published : 2023-06-02T17:15:12.880 (string)

references : [ »

0 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Permissions Required (string)

2 : Vendor Advisory (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1822754 (string)

}

1 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-13/ (string)

}

2 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-14/ (string)

}

3 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-15/ (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Permissions Required (string)

2 : Vendor Advisory (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1822754 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-13/ (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-14/ (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-15/ (string)

}

]

sourceIdentifier : security@mozilla.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges JunYoung Park as the original reporter.", "affected_release": [{"advisory": "RHSA-2023:1791", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:102.10.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-04-14T00:00:00Z"}, {"advisory": "RHSA-2023:1806", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:102.10.0-2.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-04-17T00:00:00Z"}, {"advisory": "RHSA-2023:1787", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:102.10.0-1.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-04-14T00:00:00Z"}, {"advisory": "RHSA-2023:1802", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:102.10.0-2.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-04-17T00:00:00Z"}, {"advisory": "RHSA-2023:1792", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "firefox-0:102.10.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-04-14T00:00:00Z"}, {"advisory": "RHSA-2023:1803", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "thunderbird-0:102.10.0-2.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-04-17T00:00:00Z"}, {"advisory": "RHSA-2023:1789", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:102.10.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-04-14T00:00:00Z"}, {"advisory": "RHSA-2023:1805", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:102.10.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-04-17T00:00:00Z"}, {"advisory": "RHSA-2023:1789", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "firefox-0:102.10.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-04-14T00:00:00Z"}, {"advisory": "RHSA-2023:1805", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "thunderbird-0:102.10.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-04-17T00:00:00Z"}, {"advisory": "RHSA-2023:1789", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "firefox-0:102.10.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-04-14T00:00:00Z"}, {"advisory": "RHSA-2023:1805", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "thunderbird-0:102.10.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-04-17T00:00:00Z"}, {"advisory": "RHSA-2023:1790", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "firefox-0:102.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-04-14T00:00:00Z"}, {"advisory": "RHSA-2023:1804", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "thunderbird-0:102.10.0-2.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-04-17T00:00:00Z"}, {"advisory": "RHSA-2023:1788", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "firefox-0:102.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-04-14T00:00:00Z"}, {"advisory": "RHSA-2023:1811", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "thunderbird-0:102.10.0-2.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-04-17T00:00:00Z"}, {"advisory": "RHSA-2023:1786", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:102.10.0-1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-04-14T00:00:00Z"}, {"advisory": "RHSA-2023:1809", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:102.10.0-2.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-04-17T00:00:00Z"}, {"advisory": "RHSA-2023:1785", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "firefox-0:102.10.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-04-14T00:00:00Z"}, {"advisory": "RHSA-2023:1810", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "thunderbird-0:102.10.0-2.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-04-17T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Incorrect optimization result on ARM64", "id": "2186110", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186110"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-682", "details": ["A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.", "The Mozilla Foundation Security Advisory describes this flaw as:\nA wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result."], "name": "CVE-2023-29548", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2023-04-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-29548\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29548\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29548"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Low"}

{

acknowledgement : Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges JunYoung Park as the original reporter. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2023:1791 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : firefox-0:102.10.0-1.el7_9 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2023-04-14T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2023:1806 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : thunderbird-0:102.10.0-2.el7_9 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2023-04-17T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2023:1787 (string)

cpe : cpe:/a:redhat:enterprise_linux:8 (string)

package : firefox-0:102.10.0-1.el8_7 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2023-04-14T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2023:1802 (string)

cpe : cpe:/a:redhat:enterprise_linux:8 (string)

package : thunderbird-0:102.10.0-2.el8_7 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2023-04-17T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2023:1792 (string)

cpe : cpe:/a:redhat:rhel_e4s:8.1 (string)

package : firefox-0:102.10.0-1.el8_1 (string)

product_name : Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions (string)

release_date : 2023-04-14T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2023:1803 (string)

cpe : cpe:/a:redhat:rhel_e4s:8.1 (string)

package : thunderbird-0:102.10.0-2.el8_1 (string)

product_name : Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions (string)

release_date : 2023-04-17T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2023:1789 (string)

cpe : cpe:/a:redhat:rhel_aus:8.2 (string)

package : firefox-0:102.10.0-1.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Advanced Update Support (string)

release_date : 2023-04-14T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2023:1805 (string)

cpe : cpe:/a:redhat:rhel_aus:8.2 (string)

package : thunderbird-0:102.10.0-2.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Advanced Update Support (string)

release_date : 2023-04-17T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2023:1789 (string)

cpe : cpe:/a:redhat:rhel_tus:8.2 (string)

package : firefox-0:102.10.0-1.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Telecommunications Update Service (string)

release_date : 2023-04-14T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2023:1805 (string)

cpe : cpe:/a:redhat:rhel_tus:8.2 (string)

package : thunderbird-0:102.10.0-2.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Telecommunications Update Service (string)

release_date : 2023-04-17T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2023:1789 (string)

cpe : cpe:/a:redhat:rhel_e4s:8.2 (string)

package : firefox-0:102.10.0-1.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions (string)

release_date : 2023-04-14T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2023:1805 (string)

cpe : cpe:/a:redhat:rhel_e4s:8.2 (string)

package : thunderbird-0:102.10.0-2.el8_2 (string)

product_name : Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions (string)

release_date : 2023-04-17T00:00:00Z (string)

}

12 : { »

advisory : RHSA-2023:1790 (string)

cpe : cpe:/a:redhat:rhel_eus:8.4 (string)

package : firefox-0:102.10.0-1.el8_4 (string)

product_name : Red Hat Enterprise Linux 8.4 Extended Update Support (string)

release_date : 2023-04-14T00:00:00Z (string)

}

13 : { »

advisory : RHSA-2023:1804 (string)

cpe : cpe:/a:redhat:rhel_eus:8.4 (string)

package : thunderbird-0:102.10.0-2.el8_4 (string)

product_name : Red Hat Enterprise Linux 8.4 Extended Update Support (string)

release_date : 2023-04-17T00:00:00Z (string)

}

14 : { »

advisory : RHSA-2023:1788 (string)

cpe : cpe:/a:redhat:rhel_eus:8.6 (string)

package : firefox-0:102.10.0-1.el8_6 (string)

product_name : Red Hat Enterprise Linux 8.6 Extended Update Support (string)

release_date : 2023-04-14T00:00:00Z (string)

}

15 : { »

advisory : RHSA-2023:1811 (string)

cpe : cpe:/a:redhat:rhel_eus:8.6 (string)

package : thunderbird-0:102.10.0-2.el8_6 (string)

product_name : Red Hat Enterprise Linux 8.6 Extended Update Support (string)

release_date : 2023-04-17T00:00:00Z (string)

}

16 : { »

advisory : RHSA-2023:1786 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : firefox-0:102.10.0-1.el9_1 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2023-04-14T00:00:00Z (string)

}

17 : { »

advisory : RHSA-2023:1809 (string)

cpe : cpe:/a:redhat:enterprise_linux:9 (string)

package : thunderbird-0:102.10.0-2.el9_1 (string)

product_name : Red Hat Enterprise Linux 9 (string)

release_date : 2023-04-17T00:00:00Z (string)

}

18 : { »

advisory : RHSA-2023:1785 (string)

cpe : cpe:/a:redhat:rhel_eus:9.0 (string)

package : firefox-0:102.10.0-1.el9_0 (string)

product_name : Red Hat Enterprise Linux 9.0 Extended Update Support (string)

release_date : 2023-04-14T00:00:00Z (string)

}

19 : { »

advisory : RHSA-2023:1810 (string)

cpe : cpe:/a:redhat:rhel_eus:9.0 (string)

package : thunderbird-0:102.10.0-2.el9_0 (string)

product_name : Red Hat Enterprise Linux 9.0 Extended Update Support (string)

release_date : 2023-04-17T00:00:00Z (string)

}

]

bugzilla : { »

description : Mozilla: Incorrect optimization result on ARM64 (string)

id : 2186110 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2186110 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 3.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N (string)

status : verified (string)

}

cwe : CWE-682 (string)

details : [ »

0 : A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. (string)

1 : The Mozilla Foundation Security Advisory describes this flaw as: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. (string)

]

name : CVE-2023-29548 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : firefox (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : thunderbird (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

]

public_date : 2023-04-11T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2023-29548 https://nvd.nist.gov/vuln/detail/CVE-2023-29548 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29548 (string)

]

statement : Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. (string)

threat_severity : Low (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object