Mozilla Foundation Security Advisory 2023-41
Security Vulnerabilities fixed in Firefox 118

Announced: Septem
Impact: high
Products: Firefox
Fixed in

#CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1
Reporter: sonakkbi
Impact: high
Description: A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This bug only affects Firefox on Windows.

#CVE-2023-5169: Out-of-bounds write in PathOps
Reporter: sonakkbi
Impact: high
Description: A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.

#CVE-2023-5170: Memory leak from a privileged process
Reporter: sonakkbi
Impact: high
Description: In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked.

#CVE-2023-5171: Use-after-free in Ion Compiler
Reporter: Lukas Bernhard
Impact: high
Description: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash.

#CVE-2023-5172: Memory Corruption in Ion Hints
Reporter: Mozilla Fuzzing Team
Impact: high
Description: A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash.

#CVE-2023-5173: Out-of-bounds write in HTTP Alternate Services
Reporter: Ronald Crane
Impact: moderate
Description: In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services ( ) is enabled.