CVE-2023-5170

2023-09-2714:13:28

mozilla

www.cve.org

firefox

canvas rendering

memory leak

vulnerability

sandbox escape

cve-2023-5170

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

31.2%

JSON

In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "118",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]