CVE-2023-4576Integer Overflow or Wraparound in Mozilla Firefox

CWE-190Integer Overflow or WraparoundCWE-120Classic Buffer Overflow11 documents7 sources
Severity
8.6HIGHNVD
EPSS
0.3%
top 44.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedSep 11

Description

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages6 packages

CVEListV5mozilla/firefoxunspecified117
NVDmozilla/firefox115.0115.2+1
CVEListV5mozilla/firefox_esrunspecified102.15+1
NVDmozilla/firefox_esr< 102.15
CVEListV5mozilla/thunderbirdunspecified102.15+1

🔴Vulnerability Details

3
OSV
CVE-2023-4576: On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive2023-09-11
GHSA
GHSA-qcr8-g46x-v65q: On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive2023-09-11
CVEList
Integer Overflow in RecordedSourceSurfaceCreation2023-09-11

📋Vendor Advisories

7
Red Hat
Mozilla: Integer Overflow in RecordedSourceSurfaceCreation2023-08-29
Debian
CVE-2023-4576: firefox - On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` w...2023
Mozilla
Mozilla Foundation Security Advisory 2023-38: CVE-2023-4576
Mozilla
Mozilla Foundation Security Advisory 2023-35: CVE-2023-4576
Mozilla
Mozilla Foundation Security Advisory 2023-37: CVE-2023-4576
CVE-2023-4576 — Integer Overflow or Wraparound | cvebase