vulnerability

Amazon Linux AMI 2: CVE-2023-25731: Security patch for firefox, thunderbird (Multiple Advisories)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Mar 7, 2023

Added

Mar 7, 2023

Modified

May 20, 2026

Description

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.

Solutions

amazon-linux-ami-2-upgrade-firefoxamazon-linux-ami-2-upgrade-firefox-debuginfoamazon-linux-ami-2-upgrade-thunderbirdamazon-linux-ami-2-upgrade-thunderbird-debuginfo

References

AMAZON-AL2/ALAS-2023-1983
AMAZON-AL2/ALAS2FIREFOX-2023-007
AMAZON-AL2/ALASFIREFOX-2023-007
CVE-2023-25731
https://attackerkb.com/topics/CVE-2023-25731
CWE-1284
EUVD-EUVD-2023-29638
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-29638

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report