6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
31.6%
firefox-esr is vulnerable to Denial Of Service (DoS). An attacker can supply malicious data to PathRecording
, causing an out-of-bounds write and potentially leading to an exploitable crash in a privileged process.
bugzilla.mozilla.org/show_bug.cgi?id=1846685
lists.debian.org/debian-lts-announce/2023/09/msg00034.html
lists.debian.org/debian-lts-announce/2023/10/msg00015.html
lists.fedoraproject.org/archives/list/[email protected]/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/
secdb.alpinelinux.org/edge/community.yaml
www.debian.org/security/2023/dsa-5506
www.debian.org/security/2023/dsa-5513
www.mozilla.org/security/advisories/mfsa2023-41/
www.mozilla.org/security/advisories/mfsa2023-42/
www.mozilla.org/security/advisories/mfsa2023-43/