Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-5168

Опубликовано: 27 сент. 2023
Источник: debian

Описание

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxnot-affectedpackage
firefox-esrnot-affectedpackage
thunderbirdnot-affectedpackage

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5168

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5168

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5168

Связанные уязвимости

ubuntu логотип

CVE-2023-5168

CVSS3: 9.8
ubuntu
около 2 лет назад

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

redhat логотип

CVE-2023-5168

CVSS3: 9.8
redhat
около 2 лет назад

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

nvd логотип

CVE-2023-5168

CVSS3: 9.8
nvd
около 2 лет назад

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

github логотип

GHSA-jw9m-8h6f-3q76

CVSS3: 9.8
github
около 2 лет назад

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

suse-cvrf логотип

SUSE-SU-2023:3899-1

suse-cvrf
около 2 лет назад

Security update for MozillaFirefox