CVE-2023-5724
Mozilla: Large WebGL draw could have led to a crash
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Los controladores no siempre son resistentes a las llamadas de "dibujo" extremadamente grandes y, en algunos casos, este escenario podrĂa haber provocado un bloqueo. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1.
The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash.
USN-6456-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Kelsey Gilbert discovered that Firefox did not properly manage certain browser prompts and dialogs due to an insufficient activation-delay. An attacker could potentially exploit this issue to perform clickjacking. Daniel Veditz discovered that Firefox did not properly validate a cookie containing invalid characters. An attacker could potentially exploit this issue to cause a denial of service. Shaheen Fazim discovered that Firefox did not properly validate the URLs open by installed WebExtension. An attacker could potentially exploit this issue to obtain sensitive information.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-10-23 CVE Reserved
- 2023-10-24 CVE Published
- 2025-02-13 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html | Mailing List |
|
| https://www.debian.org/security/2023/dsa-5535 | Mailing List |
|
| https://www.debian.org/security/2023/dsa-5538 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1836705 | 2023-11-02 | |
| https://www.mozilla.org/security/advisories/mfsa2023-45 | 2023-11-02 | |
| https://www.mozilla.org/security/advisories/mfsa2023-46 | 2023-11-02 | |
| https://www.mozilla.org/security/advisories/mfsa2023-47 | 2023-11-02 | |
| https://access.redhat.com/security/cve/CVE-2023-5724 | 2023-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2245899 | 2023-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 119.0 Search vendor "Mozilla" for product "Firefox" and version " < 119.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 115.4 Search vendor "Mozilla" for product "Firefox Esr" and version " < 115.4" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 115.4.1 Search vendor "Mozilla" for product "Thunderbird" and version " < 115.4.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||