Lucene search

PRIOn knowledge basePRION:CVE-2023-5176

HistorySep 27, 2023 - 3:19 p.m.

Memory corruption

2023-09-2715:19:00

PRIOn knowledge base

www.prio-n.com

memory safety bugs

firefox

thunderbird

memory corruption

arbitrary code execution

vulnerability

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.9%

JSON

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq11.0
debian_linuxeq12.0
firefoxlt118
firefox_esrlt115.3
thunderbirdlt115.3

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	11.0
debian_linux	eq	12.0
firefox	lt	118
firefox_esr	lt	115.3
thunderbird	lt	115.3

References

bugzilla.mozilla.org/buglist.cgi?bug_id=1836353%2C1842674%2C1843824%2C1843962%2C1848890%2C1850180%2C1850983%2C1851195

lists.debian.org/debian-lts-announce/2023/09/msg00034.html

lists.debian.org/debian-lts-announce/2023/10/msg00015.html

www.debian.org/security/2023/dsa-5506

www.debian.org/security/2023/dsa-5513

www.mozilla.org/security/advisories/mfsa2023-41/

www.mozilla.org/security/advisories/mfsa2023-42/

www.mozilla.org/security/advisories/mfsa2023-43/