{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-25731","assignerOrgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","assignerShortName":"mozilla","dateUpdated":"2025-01-10T17:28:39.783Z","dateReserved":"2023-02-13T00:00:00.000Z","datePublished":"2023-06-02T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","shortName":"mozilla","dateUpdated":"2023-06-02T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110."}],"affected":[{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"unspecified","lessThan":"110","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1801542"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Prototype pollution when rendering URLPreview"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T11:32:11.624Z"},"title":"CVE Program Container","references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","tags":["x_transferred"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1801542","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1284","lang":"en","description":"CWE-1284 Improper Validation of Specified Quantity in Input"}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1801542","tags":["exploit"]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.8,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-01-10T17:28:34.345124Z","id":"CVE-2023-25731","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-10T17:28:39.783Z"}}]}}