CVE-2023-5171

Summary

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 118affected
MozillaFirefox ESRunspecified < 115.3affected
MozillaThunderbirdunspecified < 115.3affected

Weaknesses

  • Use-after-free in Ion Compiler

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References