CVE-2023-43686
Deferred - Pending Action
BaseFortify

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: MITRE

Description
An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service.
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 4 associated CPEs

Vendor        Product       Version / Range
malwarebytes  malwarebytes  4.*
malwarebytes  malwarebytes  5.*
malwarebytes  malwarebytes  up to 4.6.14.326 (exclusive)
malwarebytes  malwarebytes  up to 5.1.5.116 (exclusive)
CWE ID Description
CWE-755 The product does not handle or incorrectly handles an exceptional condition.
Executive Summary

This vulnerability exists in Malwarebytes versions 4.x and 5.x, as well as the Nebula platform from 2020-10-21 and later. It occurs because a large number of Firefox preference files can cause the parser within Malwarebytes to ignore other browser configuration files.

As a result, the software fails to properly process all browser configuration files, which leads to a denial of service condition.

The issue is categorized under CWE-755: Improper Handling of Exceptional Conditions, has medium severity, and requires local access to exploit.

Impact Analysis

The primary impact of this vulnerability is a denial of service, meaning that Malwarebytes may fail to function correctly when processing browser configuration files.

This can reduce the effectiveness of Malwarebytes' protection capabilities, potentially leaving the system less secure or causing disruptions in normal operation.

Detection Guidance

This vulnerability involves Malwarebytes versions 4.x and 5.x (and Nebula 2020-10-21 and later) improperly handling a large number of Firefox preference files, which can cause denial of service. Detection would involve identifying if affected versions of Malwarebytes or Nebula components are installed on your system.

You can check the installed Malwarebytes version using commands appropriate to your operating system. For example, on Windows, you can check the installed program version via the Control Panel or use a PowerShell command such as "Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like '*Malwarebytes*' }". On Linux or macOS, check the version via the application interface or the command line, if available.
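
The following PowerShell sketch is an added example, not code from Malwarebytes or from this page's source: it reads the standard Uninstall registry keys (rather than querying Win32_Product, which runs an MSI consistency check on every installed package) and compares what it finds against the fixed builds 4.6.14.326 and 5.1.5.116 listed on this page. It assumes the product registers DisplayName and DisplayVersion there; Get-CveStatus is a hypothetical helper name, and the Nebula, Endpoint Agent and Protection Service components are not covered.

```powershell
# Added example: flag Malwarebytes installs older than the fixed builds on this page.
# Assumption: the installer writes DisplayName/DisplayVersion to the standard
# Uninstall registry keys, and DisplayVersion is a dotted numeric version.

# First fixed build per major version, taken from this page.
$FixedBuilds = @{
    4 = [version]'4.6.14.326'
    5 = [version]'5.1.5.116'
}

# Hypothetical helper: classify one version string against the fixed builds.
function Get-CveStatus {
    param([Parameter(Mandatory)][string]$DisplayVersion)

    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return 'Unknown (unparseable version)'
    }
    if (-not $FixedBuilds.ContainsKey($parsed.Major)) {
        return 'Unknown (major version not covered by this page)'
    }
    if ($parsed -lt $FixedBuilds[$parsed.Major]) { return 'Vulnerable' }
    return 'Fixed'
}

# Both registry views, so 32-bit and 64-bit registrations are found.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Malwarebytes*' -and $_.DisplayVersion } |
    ForEach-Object {
        [pscustomobject]@{
            Name    = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = Get-CveStatus -DisplayVersion $_.DisplayVersion
        }
    }

# Constructed sample versions (not from any real host) to show the comparison.
'4.6.13.320', '5.1.5.116', '3.8.3' |
    ForEach-Object { "$_ -> $(Get-CveStatus -DisplayVersion $_)" }
```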

Since the vulnerability is related to parsing Firefox preference files, monitoring logs or error messages from Malwarebytes indicating parsing issues or denial of service symptoms may also help detect the issue.

Mitigation Strategies

The primary mitigation step is to upgrade Malwarebytes and Nebula components to the patched versions.

  • Upgrade Malwarebytes 4 to version 4.6.14.326 or later.
  • Upgrade Malwarebytes 5 to version 5.1.5.116 or later.
  • Upgrade Nebula platform to the June 2024 release or later.
  • Upgrade Endpoint Agent to version 2.0.0.64 or later.
  • Upgrade Protection Service to version 4.6.17.334 or later.

These upgrades address the improper handling of Firefox preference files that leads to denial of service.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
