Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2023-5170
HistorySep 27, 2023 - 3:19 p.m.

CVE-2023-5170

2023-09-2715:19:42
Debian Security Bug Tracker
security-tracker.debian.org
8
canvas rendering
memory leak
privileged process
sandbox escape
firefox
unix

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

28.1%

In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.

OSVersionArchitecturePackageVersionFilename
Debian999allfirefox< 118.0-1firefox_118.0-1_all.deb

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

28.1%