CVE-2023-5170

Published: Sep 27, 2023Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 118.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (6)

https://bugzilla.mozilla.org/show_bug.cgi?id=1846686

Source: security@mozilla.org

Issue TrackingPermissions Required

https://security.gentoo.org/glsa/202401-10

Source: security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2023-41/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1846686

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions Required

https://security.gentoo.org/glsa/202401-10

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mozilla.org/security/advisories/mfsa2023-41/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.