vulnerability

Red Hat: CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey (Multiple Advisories)

Name: Red Hat: CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey (Multiple Advisories)
Creator: Red Hat
Published: 2023-07-05T00:00:00.000Z
Keywords: CVE, CWE-416, Red Hat, 2023, 37202, Potential use, redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource, Severity 9

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Jul 5, 2023

Added

Jul 14, 2023

Modified

Mar 27, 2026

Description

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Solutions

redhat-upgrade-firefoxredhat-upgrade-firefox-debuginforedhat-upgrade-firefox-debugsourceredhat-upgrade-firefox-x11redhat-upgrade-thunderbirdredhat-upgrade-thunderbird-debuginforedhat-upgrade-thunderbird-debugsource

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report