CVE-2023-5173

Опубликовано: 27 сент. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled. This vulnerability affects Firefox < 118.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	not-affected	code not present
esm-infra/focal	DNE
focal	released	118.0.1+build1-0ubuntu0.20.04.1
jammy	not-affected	code not present
lunar	ignored	end of life, was needs-triage
mantic	not-affected	code not present
noble	not-affected	code not present
trusty	ignored	end of standard support
upstream	released	118.0-1

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	ignored
esm-apps/noble	ignored
esm-infra/focal	DNE
focal	DNE
jammy	ignored
lunar	ignored	end of life, was needs-triage
mantic	ignored	end of life, was needs-triage
noble	ignored
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	DNE
esm-apps/bionic	ignored
esm-infra/focal	DNE
focal	DNE
jammy	DNE
lunar	DNE
mantic	DNE
noble	DNE
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	DNE
esm-apps/focal	ignored
esm-infra/bionic	ignored
focal	ignored
jammy	DNE
lunar	DNE
mantic	DNE
noble	DNE
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-infra/focal	ignored
focal	ignored
jammy	DNE
lunar	DNE
mantic	DNE
noble	DNE
trusty	DNE
upstream	ignored

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-apps/jammy	ignored
esm-infra/focal	DNE
focal	DNE
jammy	ignored
lunar	ignored	end of life, was needs-triage
mantic	DNE
noble	DNE
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-infra/focal	DNE
focal	DNE
jammy	ignored
lunar	DNE
mantic	DNE
noble	DNE
trusty	DNE
upstream	ignored

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	not-affected
esm-infra/focal	DNE
focal	not-affected
jammy	not-affected
lunar	ignored	end of life, was needed
mantic	not-affected
noble	not-affected
trusty	ignored	end of standard support
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 42%

0.00196

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-5173

CVSS3: 7.5

nvd

около 2 лет назад

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118.

CVE-2023-5173

CVSS3: 7.5

debian

около 2 лет назад

In a non-standard configuration of Firefox, an integer overflow could ...

GHSA-7873-qcmm-76jc

CVSS3: 7.5

github

около 2 лет назад

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118.

BDU:2024-03315

CVSS3: 7.5

fstec

больше 2 лет назад

Уязвимость компонента Alternate Services веб-браузера Firefox, связанная с целочисленным переполнением, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 42%

0.00196

Низкий

7.5 High

CVSS3

CVE-2023-5173

Описание

Пакет firefox

Пакет mozjs102

Пакет mozjs38

Пакет mozjs52

Пакет mozjs68

Пакет mozjs78

Пакет mozjs91

Пакет thunderbird

Ссылки на источники

Связанные уязвимости