8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
25.7%
On Windows, an integer overflow could occur in
RecordedSourceSurfaceCreation
which resulted in a heap buffer overflow
potentially leaking sensitive data that could have led to a sandbox escape.
This bug only affects Firefox on Windows. Other operating systems are
unaffected. This vulnerability affects Firefox < 117, Firefox ESR <
102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |