VDB
CISA-2023-5168
CISA-2023-5168
PUBLISHED
CVSS 9.8 CRITICAL
Reported by mozilla · Published September 27, 2023
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | unspecified |
| Mozilla | Firefox ESR | unspecified |
| Mozilla | Thunderbird | unspecified |
| Mozilla | Firefox | unspecified, * |
| Mozilla | Firefox ESR | unspecified, * |
| Mozilla | Thunderbird | unspecified, * |
Timeline
- Sep 27, 2023 CVE Published
- May 1, 2025 CVE Updated