CVE-2023-4050

Summary

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 116affected
MozillaFirefox ESRunspecified < 102.14affected
MozillaFirefox ESRunspecified < 115.1affected

Weaknesses

  • Stack buffer overflow in StorageManager

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References