CVE-2023-4582Classic Buffer Overflow in Mozilla Firefox

CWE-120Classic Buffer Overflow8 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.8%
top 25.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedSep 11

Description

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5mozilla/firefoxunspecified117
NVDmozilla/firefox< 117.0
CVEListV5mozilla/firefox_esrunspecified115.2
NVDmozilla/firefox_esr< 115.2
CVEListV5mozilla/thunderbirdunspecified115.2

🔴Vulnerability Details

2
CVEList
Buffer Overflow in WebGL glGetProgramiv2023-09-11
GHSA
GHSA-vqqw-c55h-3h3r: Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shade2023-09-11

📋Vendor Advisories

5
Red Hat
Mozilla: Buffer Overflow in WebGL glGetProgramiv2023-08-29
Debian
CVE-2023-4582: firefox - Due to large allocation checks in Angle for glsl shaders being too lenient a buf...2023
Mozilla
Mozilla Foundation Security Advisory 2023-38: CVE-2023-4582
Mozilla
Mozilla Foundation Security Advisory 2023-36: CVE-2023-4582
Mozilla
Mozilla Foundation Security Advisory 2023-34: CVE-2023-4582
CVE-2023-4582 — Classic Buffer Overflow in Mozilla | cvebase