Description
An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service.
Published: 2026-06-09
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves a parser in Malwarebytes 4.x and 5.x, and Nebula 2020‑10‑21 and later, that mishandles a large number of Firefox preference files. When such files are present, the parser ignores other browser configuration files, causing the Malwarebytes process to hang or crash and rendering the application unusable. The weakness arises from insufficient input validation of preference file entries (CWE‑755), limiting the impact to the Malwarebytes process but potentially preventing legitimate scanning or protection functions.

Affected Systems

The affected installations are Malwarebytes 4.x and 5.x and Nebula releases dated 2020‑10‑21 or newer. Users running these products on any operating system where Firefox preference files can be stored are at risk. The issue does not apply to Malwarebytes versions outside 4.x and 5.x, nor to Nebula versions prior to 2020‑10‑21.

Risk and Exploitability

The CVSS score of 6.2 indicates a medium severity. EPSS is not available and the vulnerability is not listed in CISA KEV. The parser bug can be triggered by supplying a large set of Firefox preference files, which can occur if an attacker can place such files into the user’s profile directory via local or potentially remote means. While no publicly documented exploit exists, a local attacker or malicious software that can write preference files could trigger the denial of service.

Generated by OpenCVE AI on June 9, 2026 at 22:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Malwarebytes update or patch that fixes the parsing bug once released by the vendor.
  • If no patch is available, delete or rename large Firefox preference files before launching Malwarebytes to avoid triggering the parser issue.
  • Follow the vendor’s official advisory and monitor for further updates or work‑arounds, and maintain a recent backup of important browser configuration files.



Advisories

No advisories yet.

History

Wed, 10 Jun 2026 00:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Malwarebytes; Malwarebytes malwarebytes |
| Vendors & Products | | Malwarebytes; Malwarebytes malwarebytes |

Tue, 09 Jun 2026 22:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Denial of Service via Large Firefox Preference Files in Malwarebytes |

Tue, 09 Jun 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-755 |
| Metrics | | cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 09 Jun 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-09T19:26:47.712Z

Reserved: 2023-09-21T00:00:00.000Z

Link: CVE-2023-43686

Vulnrichment

Updated: 2026-06-09T19:26:34.075Z

NVD

Status: Deferred

Published: 2026-06-09T19:16:41.907

Modified: 2026-06-09T20:16:30.320

Link: CVE-2023-43686

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:30:16Z

Weaknesses