In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory.
This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe
) is enabled. This vulnerability affects Firefox < 118.
[
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "118",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]