1. Home
  2. Vulnerabilities
  3. CVE-2023-4582

CVE-2023-4582

CVSS v3.1 8.8 (High)
88% Progress
EPSS 0.08 % (35th)
0.08% Progress
Affected Products 4
Advisories 10
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS.
This bug only affects Firefox on macOS. Other operating systems are unaffected. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

Weaknesses
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2023-09-11 09:15:09
(12 months ago)
Updated Date
2023-09-14 03:52:38
(12 months ago)

Affected Products

Apple

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 117.0 version cpe:2.3:a:mozilla:firefox < 117.0
OR  
  Running on/with
  Mozilla Firefox Esr prior 115.2 version cpe:2.3:a:mozilla:firefox_esr < 115.2
OR  
  Running on/with
  Mozilla Thunderbird prior 115.2 version cpe:2.3:a:mozilla:thunderbird < 115.2
OR  
  Running on/with
  Apple Macos cpe:2.3:o:apple:macos:-