OpenCVE

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Mozilla	Firefox Firefox Esr Thunderbird

Configuration 1 [-]

AND

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1846683
https://nvd.nist.gov/vuln/detail/CVE-2023-5168
https://www.cve.org/CVERecord?id=CVE-2023-5168
https://www.mozilla.org/security/advisories/mfsa2023-41/
https://www.mozilla.org/security/advisories/mfsa2023-42/
https://www.mozilla.org/security/advisories/mfsa2023-43/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2023-09-27T14:12:58.905Z

Updated: 2024-08-02T07:52:07.322Z

Reserved: 2023-09-25T15:03:40.914Z

Link: CVE-2023-5168

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-09-27T15:19:42.067

Modified: 2024-11-21T08:41:13.283

Link: CVE-2023-5168

Redhat

Severity : Important

Publid Date: 2023-09-26T00:00:00Z

Links: CVE-2023-5168 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5168", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2023-09-25T15:03:40.914Z", "datePublished": "2023-09-27T14:12:58.905Z", "dateUpdated": "2024-08-02T07:52:07.322Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "118", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "115.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "115.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A compromised content process could have provided malicious data to <code>FilterNodeD2D1</code> resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3."}]}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds write in FilterNodeD2D1", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846683"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-41/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-42/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-43/"}], "credits": [{"lang": "en", "value": "sonakkbi"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-10-10T14:47:08.847Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:07.322Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846683", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-41/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-42/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-43/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "2216A424-94E2-45E7-BB95-646BFC8182E1", "versionEndExcluding": "118", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "EED826DF-6AB2-4D04-A4FC-A90EFDCB5EB9", "versionEndExcluding": "115.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ED03DF1-442F-4750-84BF-8C37C606843A", "versionEndExcluding": "115.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3."}, {"lang": "es", "value": "Un proceso de contenido comprometido podr\u00eda haber proporcionado datos maliciosos a `FilterNodeD2D1`, lo que habr\u00eda resultado en una escritura fuera de los l\u00edmites, lo que habr\u00eda provocado una falla potencialmente explotable en un proceso privilegiado. *Este error s\u00f3lo afecta a Firefox en Windows. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 118, Firefox ESR < 115.3 y Thunderbird < 115.3."}], "id": "CVE-2023-5168", "lastModified": "2024-11-21T08:41:13.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-27T15:19:42.067", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846683"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-41/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-42/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-43/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846683"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-41/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-42/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-43/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges sonakkbi as the original reporter.", "bugzilla": {"description": "Mozilla: Out-of-bounds write in FilterNodeD2D1", "id": "2240892", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240892"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.", "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could have provided malicious data to `FilterNodeD2D1`, resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process."], "name": "CVE-2023-5168", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-09-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5168\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5168"], "statement": "This bug only affects Firefox on Windows. Red Hat Enterprise Linux is not affected by this CVE.", "threat_severity": "Important", "upstream_fix": "firefox 115.3"}