CVE-2023-5168
published 2023-09-27CVE-2023-5168: A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| debian | firefox-esr | — | — |
| debian | thunderbird | — | — |
| mozilla | firefox | < 118 | 118 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 118 | 118 |
| mozilla | firefox_esr | < 115.3 | 115.3 |
| mozilla | firefox_esr | >= unspecified < 115.3 | 115.3 |
| mozilla | thunderbird | < 115.3 | 115.3 |
| mozilla | thunderbird | >= unspecified < 115.3 | 115.3 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
Red Hat
Mozilla: Out-of-bounds write in FilterNodeD2D1
vendor_redhat·2023-09-26·CVSS 9.8
CVE-2023-5168 [CRITICAL] CWE-787 Mozilla: Out-of-bounds write in FilterNodeD2D1
Mozilla: Out-of-bounds write in FilterNodeD2D1
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could have provided malicious data to `FilterNodeD2D1`, resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.
Statement: This bug only affects Firefox on Windows. Red Hat Enterprise Linux is not affected by this C
Debian
CVE-2023-5168: firefox - A compromised content process could have provided malicious data to `FilterNodeD...
vendor_debian·2023·CVSS 9.8
CVE-2023-5168 [CRITICAL] CVE-2023-5168: firefox - A compromised content process could have provided malicious data to `FilterNodeD...
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2023-42: CVE-2023-5168
vendor_mozilla·CVSS 9.8
CVE-2023-5168 [CRITICAL] Mozilla Foundation Security Advisory 2023-42: CVE-2023-5168
Mozilla Foundation Security Advisory 2023-42
CVE: CVE-2023-5168
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 115.3
Mozilla
Mozilla Foundation Security Advisory 2023-41: CVE-2023-5168
vendor_mozilla·CVSS 9.8
CVE-2023-5168 [CRITICAL] Mozilla Foundation Security Advisory 2023-41: CVE-2023-5168
Mozilla Foundation Security Advisory 2023-41
CVE: CVE-2023-5168
Product: Firefox
Impact: high
Fixed in: Firefox 118
Mozilla
Mozilla Foundation Security Advisory 2023-43: CVE-2023-5168
vendor_mozilla·CVSS 9.8
CVE-2023-5168 [CRITICAL] Mozilla Foundation Security Advisory 2023-43: CVE-2023-5168
Mozilla Foundation Security Advisory 2023-43
CVE: CVE-2023-5168
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 115.3
OSV
CVE-2023-5168: A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exp
osv·2023-09-27·CVSS 9.8
CVE-2023-5168 [CRITICAL] CVE-2023-5168: A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exp
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
GHSA
GHSA-jw9m-8h6f-3q76: A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exp
ghsa_unreviewed·2023-09-27
CVE-2023-5168 [CRITICAL] CWE-787 GHSA-jw9m-8h6f-3q76: A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exp
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1846683https://www.mozilla.org/security/advisories/mfsa2023-41/https://www.mozilla.org/security/advisories/mfsa2023-42/https://www.mozilla.org/security/advisories/mfsa2023-43/https://bugzilla.mozilla.org/show_bug.cgi?id=1846683https://www.mozilla.org/security/advisories/mfsa2023-41/https://www.mozilla.org/security/advisories/mfsa2023-42/https://www.mozilla.org/security/advisories/mfsa2023-43/
2023-09-27
Published