CVE-2023-4576
Gentoo Linux Security Advisory 202402-25
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
En Windows, podría ocurrir un desbordamiento de enteros en `RecordedSourceSurfaceCreation`, lo que resultó en un desbordamiento del búfer que podría filtrar datos confidenciales que podrían haber llevado a un escape de la sandbox. *Este error sólo afecta a Firefox en Windows. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2 y Thunderbird < 115.2.
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-08-29 CVE Reserved
- 2023-09-11 CVE Published
- 2024-09-26 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://www.mozilla.org/security/advisories/mfsa2023-37 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mozilla.org/security/advisories/mfsa2023-34 | 2023-09-13 | |
| https://www.mozilla.org/security/advisories/mfsa2023-35 | 2023-09-13 | |
| https://www.mozilla.org/security/advisories/mfsa2023-36 | 2023-09-13 | |
| https://www.mozilla.org/security/advisories/mfsa2023-38 | 2023-09-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 117.0 Search vendor "Mozilla" for product "Firefox" and version " < 117.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 102.15 Search vendor "Mozilla" for product "Firefox Esr" and version " < 102.15" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | >= 115.0 < 115.2 Search vendor "Mozilla" for product "Firefox Esr" and version " >= 115.0 < 115.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 115.2 Search vendor "Mozilla" for product "Thunderbird" and version " < 115.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|