CVE-2023-29531 — Out-of-bounds Write in Mozilla Firefox

CWE-787 — Out-of-bounds Write9 documents7 sources

Severity

9.8CRITICALNVD

EPSS

0.6%

top 30.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedJun 19

Description

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5mozilla/firefoxunspecified — 112

▶NVDmozilla/firefox< 112.0

▶CVEListV5mozilla/firefox_esrunspecified — 102.10

▶NVDmozilla/firefox_esr< 102.10

▶CVEListV5mozilla/thunderbirdunspecified — 102.10

🔴Vulnerability Details

CVEList

CVE-2023-29531: An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash↗2023-06-19

▶

GHSA

GHSA-x2cj-cp2c-fxvp: An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash↗2023-06-19

▶

OSV

CVE-2023-29531: An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash↗2023-06-19

▶

📋Vendor Advisories

Red Hat

Mozilla: Out-of-bound memory access in WebGL on macOS↗2023-04-11

▶

Debian

CVE-2023-29531: firefox - An attacker could have caused an out of bounds memory access using WebGL APIs, l...↗2023

▶

Mozilla

Mozilla Foundation Security Advisory 2023-14: CVE-2023-29531↗

▶

Mozilla

Mozilla Foundation Security Advisory 2023-15: CVE-2023-29531↗

▶

Mozilla

Mozilla Foundation Security Advisory 2023-13: CVE-2023-29531↗

▶