Lucene search

K
cvelistMozillaCVELIST:CVE-2023-5171
HistorySep 27, 2023 - 2:13 p.m.

CVE-2023-5171

2023-09-2714:13:12
mozilla
www.cve.org
ion compilation
garbage collection
use-after-free
nul bytes
exploitable crash
firefox
thunderbird

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "118",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]