← back
CVE-2023-5171

CVE-2023-5171

EPSS 1.0%
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Affected products
Mozilla · FirefoxMozilla · Firefox ESRMozilla · Thunderbird

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1851599https://lists.debian.org/debian-lts-announce/2023/09/msg00034.htmlhttps://lists.debian.org/debian-lts-announce/2023/10/msg00015.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/https://www.debian.org/security/2023/dsa-5506https://www.debian.org/security/2023/dsa-5513https://www.mozilla.org/security/advisories/mfsa2023-41/https://www.mozilla.org/security/advisories/mfsa2023-42/https://www.mozilla.org/security/advisories/mfsa2023-43/