CVE-2023-4582

2023-09-1108:01:51

mozilla

www.cve.org

buffer overflow

firefox

macos

cve-2023-4582

angle

shader

vulnerability

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS.
This bug only affects Firefox on macOS. Other operating systems are unaffected. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "117",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]