1. Home
  2. Security Advisories
  3. Mozilla
  4. MFSA-2023-41

[MFSA-2023-41] Security Vulnerabilities fixed in Firefox 118

Severity High
Affected Packages 1
Fixed Packages 1
CVEs 9
Info Packages References Vulnerabilities

  • CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1 (high)
    A compromised content process could have provided malicious data to <code>FilterNodeD2D1</code> resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.
    This bug only affects Firefox on Windows. Other operating systems are unaffected.

  • CVE-2023-5169: Out-of-bounds write in PathOps (high)
    A compromised content process could have provided malicious data in a <code>PathRecording</code> resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.

  • CVE-2023-5170: Memory leak from a privileged process (high)
    In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked.

  • CVE-2023-5171: Use-after-free in Ion Compiler (high)
    During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash.

  • CVE-2023-5172: Memory Corruption in Ion Hints (high)
    A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash.

  • CVE-2023-5173: Out-of-bounds write in HTTP Alternate Services (moderate)
    In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory.
    This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (<code>network.http.altsvc.oe</code>) is enabled.

  • CVE-2023-5174: Double-free in process spawning on Windows (moderate)
    If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash.
    This bug only affects Firefox on Windows when run in non-standard configurations (such as using <code>runas</code>). Other operating systems are unaffected.

  • CVE-2023-5175: Use-after-free of ImageBitmap during process shutdown (low)
    During process shutdown, it was possible that an <code>ImageBitmap</code> was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash.

  • CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (high)
    Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Package Affected Version
pkg:mozilla/Firefox < 118
Package Fixed Version
pkg:mozilla/Firefox = 118
ID
MFSA-2023-41
Severity
high
URL
https://www.mozilla.org/en-US/security/advisories/mfsa2023-41
Published
2023-09-26T00:00:00
(11 months ago)
Modified
2023-09-26T00:00:00
(11 months ago)
Other Advisories
Source # ID Name URL
Bugzilla 1846683 https://bugzilla.mozilla.org/show_bug.cgi?id=1846683
Bugzilla 1846685 https://bugzilla.mozilla.org/show_bug.cgi?id=1846685
Bugzilla 1846686 https://bugzilla.mozilla.org/show_bug.cgi?id=1846686
Bugzilla 1851599 https://bugzilla.mozilla.org/show_bug.cgi?id=1851599
Bugzilla 1852218 https://bugzilla.mozilla.org/show_bug.cgi?id=1852218
Bugzilla 1823172 https://bugzilla.mozilla.org/show_bug.cgi?id=1823172
Bugzilla 1848454 https://bugzilla.mozilla.org/show_bug.cgi?id=1848454
Bugzilla 1849704 https://bugzilla.mozilla.org/show_bug.cgi?id=1849704
Bugzilla 1836353 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 https://bugzilla.mozilla.org/show_bug.cgi?id=1836353
Bugzilla 1842674 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 https://bugzilla.mozilla.org/show_bug.cgi?id=1842674
Bugzilla 1843824 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 https://bugzilla.mozilla.org/show_bug.cgi?id=1843824
Bugzilla 1843962 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 https://bugzilla.mozilla.org/show_bug.cgi?id=1843962
Bugzilla 1848890 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 https://bugzilla.mozilla.org/show_bug.cgi?id=1848890
Bugzilla 1850180 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 https://bugzilla.mozilla.org/show_bug.cgi?id=1850180
Bugzilla 1850983 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 https://bugzilla.mozilla.org/show_bug.cgi?id=1850983
Bugzilla 1851195 Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 https://bugzilla.mozilla.org/show_bug.cgi?id=1851195
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:mozilla/Firefox Firefox < 118
Fixed pkg:mozilla/Firefox Firefox = 118
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date