7.4
CVE-2023-5170
- EPSS 0.59%
- Veröffentlicht 27.09.2023 15:19:42
- Zuletzt bearbeitet 21.11.2024 08:41:13
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.437 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.8 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://security.gentoo.org/glsa/202401-10
https://www.mozilla.org/security/advisories/mfsa2023-41/
https://bugzilla.mozilla.org/show_bug.cgi?id=1846686