Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-5170
HistorySep 28, 2023 - 12:00 a.m.

CVE-2023-5170

2023-09-2800:00:00
ubuntu.com
ubuntu.com
8
canvas rendering compromised content process firefox 118 memory leak privileged process mozilla javascript engine ubuntu 22.04 firefox snap unix

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

28.1%

In canvas rendering, a compromised content process could have caused a
surface to change unexpectedly, leading to a memory leak of a privileged
process. This memory leak could be used to effect a sandbox escape if the
correct data was leaked. This vulnerability affects Firefox < 118.

Notes

Author Note
tyhicks mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

28.1%