Mozilla Foundation Security Advisory 2023-43

Security Vulnerabilities fixed in Thunderbird 115.3

Announced: Septem
Impact: high
Products: Thunderbird
Fixed in

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

#CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3

Reporter: Chris Peterson, Andrew McCreight, André Bargull, Nika Layzell and the Mozilla Fuzzing Team
Impact: high

Description

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2.

#CVE-2023-5174: Double-free in process spawning on Windows

Reporter: Ronald Crane
Impact: moderate

Description

This bug only affects Firefox on Windows when run in non-standard configurations (such as using runas). If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash.

#CVE-2023-5171: Use-after-free in Ion Compiler

Reporter: Lukas Bernhard
Impact: high

Description

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash.

#CVE-2023-5169: Out-of-bounds write in PathOps

Reporter: sonakkbi
Impact: high

Description

A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This bug only affects Firefox on Windows.

#CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1

Reporter: sonakkbi
Impact: high

Description

A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.