CVE-2023-5173Integer Overflow or Wraparound in Mozilla Firefox

CWE-190Integer Overflow or Wraparound11 documents8 sources
Severity
7.5HIGHNVD
OSV6.5
EPSS
0.2%
top 53.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedSep 27
Latest updateOct 11

Description

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5mozilla/firefoxunspecified118
NVDmozilla/firefox< 118
Ubuntumozilla/firefox< 118.0.1+build1-0ubuntu0.20.04.1+1

🔴Vulnerability Details

5
OSV
firefox regressions2023-10-11
OSV
firefox vulnerabilities2023-10-03
OSV
CVE-2023-5173: In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unpr2023-09-28
CVEList
CVE-2023-5173: In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unpr2023-09-27
GHSA
GHSA-7873-qcmm-76jc: In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unpr2023-09-27

💥Exploits & PoCs

1
Nuclei
Jeecg-Boot v3.5.1 - SQL Injection

📋Vendor Advisories

4
Ubuntu
Firefox regressions2023-10-11
Ubuntu
Firefox vulnerabilities2023-10-03
Debian
CVE-2023-5173: firefox - In a non-standard configuration of Firefox, an integer overflow could have occur...2023
Mozilla
Mozilla Foundation Security Advisory 2023-41: CVE-2023-5173
CVE-2023-5173 — Integer Overflow or Wraparound | cvebase