On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation
which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.
This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 117.0 | |
firefox_esr | lt | 102.15 | |
firefox_esr | ge | 115.0 | |
firefox_esr | lt | 115.2 | |
thunderbird | lt | 115.2 |