Bug 1215800 (ZDI-23-1467)

Summary:	VUL-0: ZDI-23-1467: MozillaFirefox: Mozilla Firefox JIT Boolean Conversion Crash due to missing check for uninitialized lexicals
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Mozilla Bugs <mozilla-bugs>
Status:	RESOLVED INVALID	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P5 - None	CC:	cathy.hu
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/380214/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2023-09-28 09:39:53 UTC

This vulnerability allows remote attackers to execute arbitrary code on affected
installations of Mozilla Firefox. User interaction is required to exploit this
vulnerability in that the target must visit a malicious page or open a malicious
file.

The specific flaw exists within the implementation of boolean conversions in the
JIT engine. The issue results from the lack of proper initialization of memory
prior to accessing it. An attacker can leverage this vulnerability to execute
code in the context of the current process.

Comment 1 Cathy Hu 2023-09-28 09:40:43 UTC

References:
https://www.zerodayinitiative.com/advisories/ZDI-23-1467/
https://bugzilla.mozilla.org/show_bug.cgi?id=1788528

Comment 2 Cathy Hu 2023-09-28 09:46:02 UTC

From the firefox bugtracker this is not exploitable and also not a remote code execution vuln, so i will not ask ZDI to assign a CVE.

This was fixed in firefox one year ago in the 106 version, so we are not affected.

Closing