CVE-2023-4573

Summary

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 117affected
MozillaFirefox ESRunspecified < 102.15affected
MozillaFirefox ESRunspecified < 115.2affected
MozillaThunderbirdunspecified < 102.15affected
MozillaThunderbirdunspecified < 115.2affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References