Out-of-Bounds Write

2023-04-2009:38:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

firefox

vulnerability

out-of-bounds write

denial of service

code execution

memory management

remote attacker

local attacker

software

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.6%

JSON

Firefox is vulnerable to Out-of-Bounds Write. A remote local attacker is able to cause out-of-bound writes due to improper memory management operations, resulting in a denial of service or arbitrary code execution.

CPENameOperatorVersion
firefox:focaleq75.0+build3-0ubuntu1
firefox:focaleq83.0+build2-0ubuntu0.20.04.1
firefox:focaleq80.0.1+build1-0ubuntu0.20.04.1
firefox:focaleq80.0+build2-0ubuntu0.20.04.1
firefox:bioniceq92.0+build3-0ubuntu0.18.04.1
firefox:bioniceq83.0+build2-0ubuntu0.18.04.2
firefox:bioniceq80.0.1+build1-0ubuntu0.18.04.1
firefox:bioniceq80.0+build2-0ubuntu0.18.04.1
firefox:bioniceq59.0.2+build1-0ubuntu1
firefox:sideq81.0-2

Name	Operator	Version
firefox:focal	eq	75.0+build3-0ubuntu1
firefox:focal	eq	83.0+build2-0ubuntu0.20.04.1
firefox:focal	eq	80.0.1+build1-0ubuntu0.20.04.1
firefox:focal	eq	80.0+build2-0ubuntu0.20.04.1
firefox:bionic	eq	92.0+build3-0ubuntu0.18.04.1
firefox:bionic	eq	83.0+build2-0ubuntu0.18.04.2
firefox:bionic	eq	80.0.1+build1-0ubuntu0.18.04.1
firefox:bionic	eq	80.0+build2-0ubuntu0.18.04.1
firefox:bionic	eq	59.0.2+build1-0ubuntu1
firefox:sid	eq	81.0-2

Rows per page:

1-10 of 241

References

git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2023-29551

bugzilla.mozilla.org/buglist.cgi?bug_id=1763625%2C1814314%2C1815798%2C1815890%2C1819239%2C1819465%2C1819486%2C1819492%2C1819957%2C1820514%2C1820776%2C1821838%2C1822175%2C1823547

www.mozilla.org/security/advisories/mfsa2023-13/