A compromised content process could have provided malicious data to FilterNodeD2D1
resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.
This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 118 | |
firefox_esr | lt | 115.3 | |
thunderbird | lt | 115.3 |