Lucene search

K
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2023-5173
HistorySep 27, 2023 - 3:19 p.m.

CVE-2023-5173

2023-09-2715:19:00
Alpine Linux Development Team
security.alpinelinux.org
6
firefox
integer overflow
network traffic
out-of-bounds write
privileged process memory
vulnerability
alternate services
non-https
unix

EPSS

0.001

Percentile

21.1%

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory.
This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled. This vulnerability affects Firefox < 118.

OSVersionArchitecturePackageVersionFilename
Alpine3.18-communitynoarchfirefox= 116.0.3-r0UNKNOWN