CVE-2023-5168

Опубликовано: 27 сент. 2023

Источник: ubuntu

Приоритет: medium

CVSS3: 9.8

Описание

A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	not-affected	code not present
esm-infra/focal	DNE
focal	not-affected	windows only
jammy	not-affected	code not present
lunar	ignored	end of life, was needs-triage
mantic	not-affected	code not present
noble	not-affected	code not present
trusty	ignored	end of standard support
upstream	not-affected	debian: Only affects Firefox on Windows

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	ignored
esm-apps/noble	ignored
esm-infra/focal	DNE
focal	DNE
jammy	ignored
lunar	ignored	end of life, was needs-triage
mantic	ignored	end of life, was needs-triage
noble	ignored
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	DNE
esm-apps/bionic	ignored
esm-infra/focal	DNE
focal	DNE
jammy	DNE
lunar	DNE
mantic	DNE
noble	DNE
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	DNE
esm-apps/focal	ignored
esm-infra/bionic	ignored
focal	ignored
jammy	DNE
lunar	DNE
mantic	DNE
noble	DNE
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-infra/focal	ignored
focal	ignored
jammy	DNE
lunar	DNE
mantic	DNE
noble	DNE
trusty	DNE
upstream	ignored

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-apps/jammy	ignored
esm-infra/focal	DNE
focal	DNE
jammy	ignored
lunar	ignored	end of life, was needs-triage
mantic	DNE
noble	DNE
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-infra/focal	DNE
focal	DNE
jammy	ignored
lunar	DNE
mantic	DNE
noble	DNE
trusty	DNE
upstream	ignored

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	not-affected	windows only
esm-infra/focal	DNE
focal	not-affected	windows only
jammy	not-affected	windows only
lunar	ignored	end of life, was needs-triage
mantic	not-affected	windows only
noble	not-affected	windows only
trusty	ignored	end of standard support
upstream	not-affected	debian: Only affects Thunderbird on Windows

Показывать по

Ссылки на источники

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2023-5168

CVSS3: 9.8

redhat

около 2 лет назад

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-5168

CVSS3: 9.8

nvd

около 2 лет назад

CVE-2023-5168

CVSS3: 9.8

debian

около 2 лет назад

A compromised content process could have provided malicious data to `F ...

GHSA-jw9m-8h6f-3q76

CVSS3: 9.8

github

около 2 лет назад

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

SUSE-SU-2023:3899-1

suse-cvrf

около 2 лет назад

Security update for MozillaFirefox

9.8 Critical

CVSS3

CVE-2023-5168

Описание

Пакет firefox

Пакет mozjs102

Пакет mozjs38

Пакет mozjs52

Пакет mozjs68

Пакет mozjs78

Пакет mozjs91

Пакет thunderbird

Ссылки на источники

Связанные уязвимости