CVE-2023-6873

8.8 HIGH

📋 TL;DR

CVE-2023-6873 is a memory corruption vulnerability in Firefox that could allow an attacker to execute arbitrary code on a victim's system. It affects Firefox versions before 121. Users who browse malicious websites or open crafted content are at risk.

💻 Affected Systems

Products:
  • Mozilla Firefox
Versions: Firefox < 121
Operating Systems: Windows, Linux, macOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Firefox versions are vulnerable. Extensions or security settings do not mitigate this memory corruption issue.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with arbitrary code execution, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.
🟠 Likely Case: Browser crash or denial of service; successful exploitation requires user interaction with malicious content.
🟢 If Mitigated: Limited impact if browser sandboxing and exploit mitigations are effective; may result only in a browser crash.

🌐 Internet-Facing: HIGH - Attackers can host malicious websites accessible to any Firefox user.
🏢 Internal Only: MEDIUM - Risk exists if users browse internal malicious content, but external attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Memory corruption bugs require significant effort to weaponize reliably. No public exploits have been reported, but the CVSS score suggests high impact if exploited.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 121

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2023-56/

Restart Required: Yes

Instructions:

1. Open Firefox.
2. Click menu > Help > About Firefox.
3. Allow the automatic update to Firefox 121.
4. Restart Firefox when prompted.

🔧 Temporary Workarounds

Disable JavaScript

Platforms: all

Temporarily disable JavaScript to reduce attack surface, though this breaks most web functionality.

about:config -> javascript.enabled = false

🧯 If You Can't Patch

  • Restrict browsing to trusted websites only.
  • Use alternative browser until Firefox can be updated.

🔍 How to Verify

Check if Vulnerable:

Open Firefox, go to menu > Help > About Firefox, check if version is below 121.

Check Version:

firefox --version

Verify Fix Applied:

Confirm Firefox version is 121 or higher in About Firefox.
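The version check above, as a script added here (it is not part of the advisory and not Mozilla's tooling): it parses the banner that `firefox --version` prints and compares the major version against the fixed release, 121, taken from the Patch Version field above. The assumed banner format is `Mozilla Firefox <major>.<minor>[.<patch>]`; the sample banners in the comments are constructed. Only the major version is compared, which is enough here because the fix shipped in 121.0; a banner that does not parse is reported separately rather than silently treated as patched.

```shell
#!/bin/sh
# Added example, not part of the advisory: decide from the "firefox --version"
# banner whether a build predates the fixed release for CVE-2023-6873.

FIXED_MAJOR=121   # fixed release per the advisory's "Patch Version" field

# firefox_major_from_banner BANNER
# Extract the major version from a banner such as (constructed samples):
#   "Mozilla Firefox 120.0.1" -> 120
#   "Mozilla Firefox 121.0"   -> 121
# Takes the last whitespace-separated field and keeps what precedes the first dot.
firefox_major_from_banner() {
    printf '%s\n' "$1" | awk '{print $NF}' | cut -d. -f1
}

# is_vulnerable_to_cve_2023_6873 BANNER
# Prints "vulnerable", "patched" or "unparseable".
# Exit status: 0 patched, 1 vulnerable, 2 banner could not be parsed.
is_vulnerable_to_cve_2023_6873() {
    major=$(firefox_major_from_banner "$1")
    case "$major" in
        ''|*[!0-9]*)
            # Empty or non-numeric: do not guess, report it so an operator looks at it.
            echo "unparseable"
            return 2
            ;;
    esac
    if [ "$major" -lt "$FIXED_MAJOR" ]; then
        echo "vulnerable"
        return 1
    fi
    echo "patched"
    return 0
}

# Usage on a real system (desktop builds only; Android Firefox has no such CLI):
#   is_vulnerable_to_cve_2023_6873 "$(firefox --version)"
```

The exit status makes the function usable from a fleet inventory job: a non-zero status flags hosts that still need the update, and status 2 separates hosts where the banner was unexpected (for example a missing or renamed binary) from hosts that are genuinely behind.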

📡 Detection & Monitoring

Log Indicators:

  • Firefox crash reports with memory access violations
  • Unexpected browser process termination

Network Indicators:

  • Connections to suspicious domains hosting crafted content

SIEM Query:

source="firefox.log" AND ("crash" OR "segmentation fault" OR "access violation")
