1. Home
  2. Vulnerabilities
  3. CVE-2023-5173

CVE-2023-5173

CVSS v3.1 7.5 (High)
75% Progress
EPSS 0.06 % (24th)
0.06% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory.
This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled. This vulnerability affects Firefox < 118.

Weaknesses
CWE-190
Integer Overflow or Wraparound
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2023-09-27 15:19:42
(11 months ago)
Updated Date
2024-01-07 11:15:14
(8 months ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 118 version cpe:2.3:a:mozilla:firefox < 118