CVE-2023-5175Use After Free in Mozilla Firefox

CWE-416Use After Free10 documents7 sources
Severity
9.8CRITICALNVD
OSV6.5
EPSS
0.4%
top 41.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedSep 27
Latest updateOct 11

Description

During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5mozilla/firefoxunspecified118
NVDmozilla/firefox< 118
Ubuntumozilla/firefox< 118.0.1+build1-0ubuntu0.20.04.1+1

🔴Vulnerability Details

5
OSV
firefox regressions2023-10-11
OSV
firefox vulnerabilities2023-10-03
OSV
CVE-2023-5175: During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leadi2023-09-28
GHSA
GHSA-9rpq-jq5j-fhq8: During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leadi2023-09-27
CVEList
CVE-2023-5175: During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leadi2023-09-27

📋Vendor Advisories

4
Ubuntu
Firefox regressions2023-10-11
Ubuntu
Firefox vulnerabilities2023-10-03
Debian
CVE-2023-5175: firefox - During process shutdown, it was possible that an `ImageBitmap` was created that ...2023
Mozilla
Mozilla Foundation Security Advisory 2023-41: CVE-2023-5175
CVE-2023-5175 — Use After Free in Mozilla Firefox | cvebase