CVE-2023-4573

CVSS v3.1 6.5 (Medium)

EPSS 0.08 % (36^th)

Affected Products 3

Advisories 31

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-09-11 08:15:07
(12 months ago)
Updated Date: 2023-09-13 11:15:10
(12 months ago)

Affected Products

Mozilla

Firefox
Firefox Esr
Thunderbird

Configuration #1

	CPE23	From	Up To
Mozilla Firefox prior 117.0 version	cpe:2.3:a:mozilla:firefox		< 117.0
Mozilla Firefox Esr prior 102.15 version	cpe:2.3:a:mozilla:firefox_esr		< 102.15
Mozilla Firefox Esr from 115.0 version and prior 115.2 version	cpe:2.3:a:mozilla:firefox_esr	>= 115.0	< 115.2
Mozilla Thunderbird prior 115.2 version	cpe:2.3:a:mozilla:thunderbird		< 115.2