Lucene search

K
cvelistMozillaCVELIST:CVE-2023-5173
HistorySep 27, 2023 - 2:13 p.m.

CVE-2023-5173

2023-09-2714:13:51
mozilla
www.cve.org
1
firefox
integer overflow
vulnerability
non-standard config

AI Score

8

Confidence

High

EPSS

0.001

Percentile

21.1%

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory.
This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled. This vulnerability affects Firefox < 118.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "118",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

AI Score

8

Confidence

High

EPSS

0.001

Percentile

21.1%