CVE-2023-32210

medium

Description

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.

References

https://www.mozilla.org/security/advisories/mfsa2023-16/

https://security.gentoo.org/glsa/202401-10

https://bugzilla.mozilla.org/show_bug.cgi?id=1776755

Details

Source: Mitre, NVD

Published: 2023-06-19

Updated: 2024-01-07

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

Severity: High

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium