Main Vulnerability Database Vulnerabilities #VU80100

#VU80100 Buffer overflow in Mozilla Firefox and Firefox ESR - CVE-2023-4582

Published: August 29, 2023

Vulnerability identifier: #VU80100

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-4582

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox ESR

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebGL glGetProgramiv. A remote attacker can trick the victim to open a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Note, the vulnerability affects only Firefox installations on macOS.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/

#VU80100 Buffer overflow in Mozilla Firefox and Firefox ESR - CVE-2023-4582

Description

Remediation

External links

Please verify you're human