What is CVE-2023-29549?

CVE-2023-29549 is a vulnerability in Mozilla Firefox. Published 2023-06-02.

Is CVE-2023-29549 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Firefox

CVE-2023-29549

Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Fire…

EPSS: 0.002 (40.4th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions unspecified
Mozilla Firefox For Android — versions unspecified
Mozilla Focus For Android — versions unspecified

Public proof-of-concept exploits

5211-yx/javascript_
TimerIzaya/fuzzilli-plus
TimerIzaya/izayailli
googleprojectzero/fuzzilli
zhangjiahui-buaa/MasterThesis

References

www.mozilla.org/security/advisories/mfsa2023-13/
bugzilla.mozilla.org/show_bug.cgi

Frequently asked questions

What is CVE-2023-29549?: CVE-2023-29549 is a vulnerability in Mozilla Firefox. Published 2023-06-02.
Is CVE-2023-29549 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.