CVE-2023-4576

CVSS v3.1 8.6 (High)

EPSS 0.07 % (31^th)

Affected Products 4

Advisories 12

On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.
This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Weaknesses

CWE-190: Integer Overflow or Wraparound

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-09-11 09:15:09
(12 months ago)
Updated Date: 2023-09-13 11:15:10
(12 months ago)

Affected Products

Microsoft

Windows

Mozilla

Configuration #1

AND

		CPE23	From	Up To
OR
	Mozilla Firefox prior 117.0 version	cpe:2.3:a:mozilla:firefox		< 117.0
OR
	Running on/with
	Mozilla Firefox Esr prior 102.15 version	cpe:2.3:a:mozilla:firefox_esr		< 102.15
OR
	Running on/with
	Mozilla Firefox Esr from 115.0 version and prior 115.2 version	cpe:2.3:a:mozilla:firefox_esr	>= 115.0	< 115.2
OR
	Running on/with
	Mozilla Thunderbird prior 115.2 version	cpe:2.3:a:mozilla:thunderbird		< 115.2
OR
	Running on/with
	Microsoft Windows	cpe:2.3:o:microsoft:windows:-