Improper Encoding or Escaping of Output
CVE-2023-23599
Summary
When copying a network request from the developer tools panel as a curl command, the output was not properly sanitized and could allow arbitrary commands to be hidden within it. This vulnerability affects Firefox prior to 109, Thunderbird prior to 102.7, and Firefox ESR prior to 102.7.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- NONE
- NONE
CWE-116 - Improper Encoding or Escaping of Output
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
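The following is an added illustration of the CWE-116 pattern for a tool that turns request data into a shell command line, together with a fail-closed check that the emitted line preserves the intended argument structure. It is not Firefox's code and does not reproduce the specific flaw; `shQuote`, `buildCurl`, `parseQuoted`, `roundTrips` and the request shape are hypothetical, and POSIX shell quoting rules are assumed.

```javascript
// Added example; function names and the request shape are hypothetical.
// Quote one argument for a POSIX shell: nothing is special inside single
// quotes, and a quote itself is written as '\'' (close, escape, reopen).
function shQuote(arg) {
  if (arg.includes("\0")) throw new Error("NUL cannot appear in an argument");
  return "'" + arg.replace(/'/g, "'\\''") + "'";
}

// Build argv from request fields, then quote every word, including "curl".
function buildCurl(req) {
  const argv = ["curl", req.url, "-X", req.method];
  for (const [name, value] of Object.entries(req.headers)) {
    argv.push("-H", `${name}: ${value}`);
  }
  if (req.body !== undefined) argv.push("--data-raw", req.body);
  return { argv, line: argv.map(shQuote).join(" ") };
}

// Strict reader for exactly what shQuote emits: '...' segments and \'
// joined by single spaces. Anything else outside quotes is rejected.
function parseQuoted(line) {
  const words = [];
  for (let i = 0; i < line.length; i++) {
    const start = i;
    let word = "";
    while (i < line.length && line[i] !== " ") {
      if (line[i] === "'") {
        const end = line.indexOf("'", i + 1);
        if (end === -1) throw new Error("unterminated quote");
        word += line.slice(i + 1, end);
        i = end + 1;
      } else if (line.startsWith("\\'", i)) {
        word += "'";
        i += 2;
      } else {
        throw new Error(`unquoted character at offset ${i}`);
      }
    }
    if (i === start) throw new Error(`empty word at offset ${i}`);
    words.push(word);
  }
  return words;
}

// True when the emitted line parses back to exactly the intended argv.
function roundTrips(req) {
  const { argv, line } = buildCurl(req);
  return JSON.stringify(parseQuoted(line)) === JSON.stringify(argv);
}
```

Running `roundTrips` over request fields that contain quotes, `$`, backticks, semicolons and newlines makes a useful regression test for any command-line generator of this kind.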
References
Advisory Timeline
- Published