Lucene search

K
mozillaMozilla FoundationMFSA2023-44
HistorySep 28, 2023 - 12:00 a.m.

Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, Firefox Focus for Android 118.1.0, and Thunderbird 115.3.1. β€” Mozilla

2023-09-2800:00:00
Mozilla Foundation
www.mozilla.org
73
firefox
thunderbird
heap buffer overflow
security update
vp8 media stream
content process

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.248

Percentile

96.7%

Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.

Affected configurations

Vulners
Node
mozillafirefoxRange<118.0.1
OR
mozillafirefox_esrRange<115.3.1
OR
mozillafirefoxRange<118.1android
OR
mozillathunderbirdRange<115.3.1

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.248

Percentile

96.7%