A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2023-09-27T14:12:58.905Z

Updated: 2024-08-02T07:52:07.322Z

Reserved: 2023-09-25T15:03:40.914Z

Link: CVE-2023-5168

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-09-27T15:19:42.067

Modified: 2023-10-10T15:15:10.773

Link: CVE-2023-5168

cve-icon Redhat

Severity : Important

Publid Date: 2023-09-26T00:00:00Z

Links: CVE-2023-5168 - Bugzilla