Lucene search

K

MozillaVULNRICHMENT:CVE-2023-5169

HistorySep 27, 2023 - 2:13 p.m.

CVE-2023-5169

2023-09-2714:13:08

mozilla

github.com

compromised process

out-of-bounds write

firefox

thunderbird

AI Score

6.2

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

References

bugzilla.mozilla.org/show_bug.cgi?id=1846685

lists.debian.org/debian-lts-announce/2023/09/msg00034.html

lists.debian.org/debian-lts-announce/2023/10/msg00015.html

lists.fedoraproject.org/archives/list/[email protected]/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/

www.debian.org/security/2023/dsa-5506

www.debian.org/security/2023/dsa-5513

www.mozilla.org/security/advisories/mfsa2023-41/

www.mozilla.org/security/advisories/mfsa2023-42/

www.mozilla.org/security/advisories/mfsa2023-43/

AI Score

6.2

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2023-5169