{"id":"CVE-2023-4577","details":"When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox \u003c 117, Firefox ESR \u003c 115.2, and Thunderbird \u003c 115.2.","modified":"2026-04-16T04:36:31.319529496Z","published":"2023-09-11T09:15:09.287Z","related":["ALSA-2023:4952","ALSA-2023:4954","ALSA-2023:4955","ALSA-2023:4958","SUSE-SU-2023:3519-1","SUSE-SU-2023:3559-1","SUSE-SU-2023:3562-1","SUSE-SU-2023:3664-1","openSUSE-SU-2024:13176-1","openSUSE-SU-2024:13197-1","openSUSE-SU-2024:13202-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-34/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1847397"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"117.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.2"}]},{"events":[{"introduced":"0"},{"fixed":"115.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4577.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}