Unrated severityNVD Advisory· Published Jun 2, 2023· Updated Jan 8, 2025

CVE-2023-29551

Description

Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory safety bugs in Firefox 111 that could potentially be exploited for arbitrary code execution.

Vulnerability

Firefox 111 and earlier versions (Firefox for Android < 112, Firefox < 112, and Focus for Android < 112) contain multiple memory safety bugs that showed evidence of memory corruption [1]. These bugs affect the core browser engine and could be triggered through various web content interactions.

Exploitation

An attacker could exploit these vulnerabilities by hosting malicious web content that triggers memory corruption. No user interaction beyond visiting the malicious webpage is required. The attacker does not need any special privileges or network position beyond serving the content [2].

Impact

Successful exploitation could allow the attacker to run arbitrary code in the context of the browser process. This could lead to full compromise of the user's browsing session, including data theft, extension manipulation, and system access [1].

Mitigation

These vulnerabilities are fixed in Firefox 112, Firefox for Android 112, and Focus for Android 112, released on April 11, 2023 [1]. Users should update to the latest version of their respective browser. No workarounds are available.

References

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Mozilla Corporation/Focus for Androidllm-fuzzy2 versions
<112+ 1 more
- (no CPE)range: <112
- (no CPE)range: unspecified
Mozilla Corporation/Firefoxllm-fuzzy2 versions
<112+ 1 more
- (no CPE)range: <112
- (no CPE)range: unspecified
Mozilla Corporation/Firefox for Androidllm-fuzzy2 versions
<112+ 1 more
- (no CPE)range: <112
- (no CPE)range: unspecified
osv-coords2 versions
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 112.0.1-1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000