CVE-2023-5176

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Published: Sep 27, 2023
Updated: Sep 30, 2023
CVE: CVE-2023-5176
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	118
mozilla / thunderbird	-	115.3
mozilla / firefox_esr	-	115.3
debian / debian_linux	11.0	11.0.x
debian / debian_linux	12.0	12.0.x
debian / debian_linux	10.0	10.0.x

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836353%2C1842674%2C1843824%2C1843962%2C1848890%2C1850180%2C1850983%2C1851195
https://lists.debian.org/debian-lts-announce/2023/09/msg00034.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html
https://www.debian.org/security/2023/dsa-5506
https://www.debian.org/security/2023/dsa-5513
https://www.mozilla.org/security/advisories/mfsa2023-41/
https://www.mozilla.org/security/advisories/mfsa2023-42/
https://www.mozilla.org/security/advisories/mfsa2023-43/

Vulnerability Database

289,697

CVE-2023-5176