CVE-2023-4576 Information

Sep 16, 2023 cve

Description

On Windows an integer overflow could occur in RecordedSourceSurfaceCreation which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 117 Firefox ESR < 102.15 Firefox ESR < 115.2 Thunderbird < 102.15 and Thunderbird < 115.2.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Reference

https://www.mozilla.org/security/advisories/mfsa2023-34/ https://www.mozilla.org/security/advisories/mfsa2023-36/ https://www.mozilla.org/security/advisories/mfsa2023-35/ https://bugzilla.mozilla.org/show_bug.cgi?id=1846694 https://www.mozilla.org/security/advisories/mfsa2023-38/ https://www.mozilla.org/security/advisories/mfsa2023-37/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

8.6

Share on: