CVE-2023-25731

HIGH

Firefox < 110 - Info Disclosure

Title source: llm

Description

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.

References (2)

[Issue Tracking, Permissions Required] https://bugzilla.mozilla.org/show_bug.cgi?id=1801542

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2023-05/

Scores

CVSS v3 8.8

EPSS 0.0028

EPSS Percentile 51.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-1284

Status published

Products (1)

mozilla/firefox < 110.0

Published Jun 02, 2023

Tracked Since Feb 18, 2026