CVE-2023-5175

EPSS 0.35%
Veröffentlicht 27.09.2023 15:19:42
Zuletzt bearbeitet 01.05.2025 20:15:35
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 118

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.568

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://security.gentoo.org/glsa/202401-10

https://www.mozilla.org/security/advisories/mfsa2023-41/

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1849704

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2023-5175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5175

EUVD