What is CVE-2023-29535?

CVE-2023-29535 is a vulnerability in Mozilla Firefox. Published 2023-06-02.

Is CVE-2023-29535 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Firefox

CVE-2023-29535

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Andro…

EPSS: 0.003 (56.9th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions unspecified
Mozilla Firefox Esr — versions unspecified
Mozilla Firefox For Android — versions unspecified
Mozilla Focus For Android — versions unspecified
Mozilla Thunderbird — versions unspecified

Public proof-of-concept exploits

5211-yx/javascript_
TimerIzaya/fuzzilli-plus
TimerIzaya/izayailli
googleprojectzero/fuzzilli
zhangjiahui-buaa/MasterThesis

References

www.mozilla.org/security/advisories/mfsa2023-15/
www.mozilla.org/security/advisories/mfsa2023-14/
www.mozilla.org/security/advisories/mfsa2023-13/
bugzilla.mozilla.org/show_bug.cgi

Frequently asked questions

What is CVE-2023-29535?: CVE-2023-29535 is a vulnerability in Mozilla Firefox. Published 2023-06-02.
Is CVE-2023-29535 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.