CVE-2023-5174
CVSS v3.1: 9.8 (Critical)
EPSS: 0.08% (35th)
Affected Products: 4
Advisories: 10
If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash.
This bug only affects Firefox on Windows when run in non-standard configurations (such as using runas). Other operating systems are unaffected. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Weaknesses
- CWE-416: Use After Free
- CVE Status: PUBLISHED
- CNA: Mozilla Corporation
- Published Date: 2023-09-27 15:19:42 (11 months ago)
- Updated Date: 2023-09-29 14:19:44 (11 months ago)