CVE-2023-5176
Advisory lineage Upstream: 0 Downstream: 31
Modified
Published: 27 Sept 2023, 14:13
Last modified:01 May 2025, 17:53
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.8 CRITICAL
v3.1 (cve.org)
EPSS Score
0.7% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
27 Sept 2023, 14:13
Published
Vulnerability first disclosed
01 May 2025, 17:53
Last Modified
Vulnerability information updated
Description
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 0.70%• Percentile: 72%
Techniques & Countermeasures
- CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Affected Systems
- debian•debian_linux
10.0 | 11.0 | 12.0
- Unknown•Firefox
≥ unspecified, < 118 | < 118
- mozilla•firefox esr
≥ unspecified, < 115.3 | < 115.3
- mozilla•thunderbird
≥ unspecified, < 115.3 | < 115.3
References (8)
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836353%2C1842674%2C1843824%2C1843962%2C1848890%2C1850180%2C1850983%2C1851195
- https://www.mozilla.org/security/advisories/mfsa2023-41/
- https://www.mozilla.org/security/advisories/mfsa2023-42/
- https://www.mozilla.org/security/advisories/mfsa2023-43/
- https://www.debian.org/security/2023/dsa-5506
- https://lists.debian.org/debian-lts-announce/2023/09/msg00034.html
- https://www.debian.org/security/2023/dsa-5513
- https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html