Lucene search

K

[email protected]NVD:CVE-2023-4050

HistoryAug 01, 2023 - 3:15 p.m.

CVE-2023-4050

2023-08-0115:15:10

CWE-787

[email protected]

web.nvd.nist.gov

untrusted input

stack buffer

potential exploit

sandbox escape

firefox

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.6%

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Affected configurations

NVD

Node

mozillafirefoxRange<116.0

OR

mozillafirefox_esrRange102.0–102.14

OR

mozillafirefox_esrRange115.0–115.1

Node

debiandebian_linuxMatch11.0

OR

debiandebian_linuxMatch12.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1843038

lists.debian.org/debian-lts-announce/2023/08/msg00008.html

lists.debian.org/debian-lts-announce/2023/08/msg00010.html

www.debian.org/security/2023/dsa-5464

www.debian.org/security/2023/dsa-5469

www.mozilla.org/security/advisories/mfsa2023-29/

www.mozilla.org/security/advisories/mfsa2023-30/

www.mozilla.org/security/advisories/mfsa2023-31/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.6%

Related for NVD:CVE-2023-4050