CVE-2023-5168Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds Write9 documents7 sources
Severity
9.8CRITICALNVD
EPSS
0.3%
top 50.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedSep 27

Description

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

CVEListV5mozilla/firefoxunspecified118
NVDmozilla/firefox< 118
CVEListV5mozilla/firefox_esrunspecified115.3
NVDmozilla/firefox_esr< 115.3
CVEListV5mozilla/thunderbirdunspecified115.3

🔴Vulnerability Details

3
CVEList
CVE-2023-5168: A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exp2023-09-27
OSV
CVE-2023-5168: A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exp2023-09-27
GHSA
GHSA-jw9m-8h6f-3q76: A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exp2023-09-27

📋Vendor Advisories

5
Red Hat
Mozilla: Out-of-bounds write in FilterNodeD2D12023-09-26
Debian
CVE-2023-5168: firefox - A compromised content process could have provided malicious data to `FilterNodeD...2023
Mozilla
Mozilla Foundation Security Advisory 2023-42: CVE-2023-5168
Mozilla
Mozilla Foundation Security Advisory 2023-41: CVE-2023-5168
Mozilla
Mozilla Foundation Security Advisory 2023-43: CVE-2023-5168
CVE-2023-5168 — Out-of-bounds Write in Mozilla Firefox | cvebase