CVE-2023-5173
N/A
N/A
Summary
In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory.
This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled. This vulnerability affects Firefox < 118.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 118 | affected |
Weaknesses
- Out-of-bounds write in HTTP Alternate Services
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1823172
- https://www.mozilla.org/security/advisories/mfsa2023-41/
- https://security.gentoo.org/glsa/202401-10
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1823172
- https://www.mozilla.org/security/advisories/mfsa2023-41/
- https://security.gentoo.org/glsa/202401-10
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.