Lucene search

K
cvelistMozillaCVELIST:CVE-2023-5169
HistorySep 27, 2023 - 2:13 p.m.

CVE-2023-5169

2023-09-2714:13:08
mozilla
www.cve.org
1
compromised content process
pathrecording
out-of-bounds write
exploitable crash
firefox
thunderbird

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "118",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]