Debian Security Bug Tracker: DEBIANCVE:CVE-2023-5173
Sep 27, 2023 - 3:19 p.m.

CVE-2023-5173

2023-09-27 15:19:42
Debian Security Bug Tracker
security-tracker.debian.org
Tags: firefox, integer overflow, network traffic, out-of-bounds write, privileged process, non-https, alternate services, vulnerability, unix

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 6.9
Confidence: High

EPSS: 0.001
Percentile: 21.1%

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled. This vulnerability affects Firefox < 118.

OS | OS Version | Architecture | Package | Package Version | Filename
Debian | 999 | all | firefox | < 118.0-1 | firefox_118.0-1_all.deb
