vulnerability

Red Hat: CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey (Multiple Advisories)

Name: Red Hat: CVE-2023-25735: Potential use-after-free from compartment mismatch in SpiderMonkey (Multiple Advisories)
Creator: Red Hat
Published: 2023-02-20T00:00:00.000Z
Keywords: CVE, CWE-416, Red Hat, 2023, 25735, Potential use, redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource, Severity 9

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Feb 20, 2023

Added

Feb 22, 2023

Modified

Mar 27, 2026

Description

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Solutions

redhat-upgrade-firefoxredhat-upgrade-firefox-debuginforedhat-upgrade-firefox-debugsourceredhat-upgrade-firefox-x11redhat-upgrade-thunderbirdredhat-upgrade-thunderbird-debuginforedhat-upgrade-thunderbird-debugsource

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report