Lucene search

K
cvelistMozillaCVELIST:CVE-2023-5170
HistorySep 27, 2023 - 2:13 p.m.

CVE-2023-5170

2023-09-2714:13:28
mozilla
www.cve.org
3
firefox
canvas rendering
memory leak
vulnerability
sandbox escape
cve-2023-5170

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

28.1%

In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "118",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

28.1%