When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1842030 | Issue Tracking |
https://www.mozilla.org/security/advisories/mfsa2023-34/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-36/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-38/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2023-09-11T08:02:01.933Z
Updated: 2023-09-11T08:02:01.933Z
Reserved: 2023-08-29T03:37:00.389Z
Link: CVE-2023-4583
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-09-11T09:15:09.680
Modified: 2023-09-14T03:52:30.463
Link: CVE-2023-4583
JSON object: View
Redhat Information
No data.
CWE