![]() ![]() #CVE-2023-5732: Address bar spoofing via bidirectional characters Reporter Armin Ebert Impact moderate DescriptionĪn attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. #CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics Reporter Lukas Bernhard Impact high Description This bug only affects Firefox on Windows. ![]() On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. #CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation Reporter fffvr Impact high Description This could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. ![]() #CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback Reporter sonakkbi Impact high Description When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. #CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback Reporter sonakkbi Impact high Description ![]() When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. #CVE-2023-4573: Memory corruption in IPC CanvasTranslator Reporter sonakkbi Impact high Description This advisory was updated Octoto add CVE-2023-5732 which was included in the original release of Firefox 117, but did not appear in the advisory published at that time. Mozilla Foundation Security Advisory 2023-34 Security Vulnerabilities fixed in Firefox 117 Announced AugImpact high Products Firefox Fixed in ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |