PT-2023-9060 · Mozilla+4 · Firefox+4

Ronald Crane

Publicado

2023-03-18

Atualizado

2025-03-14

CVE-2023-5173

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 118

Description The issue is related to an integer overflow in the Alternate Services component of the Firefox web browser. This could lead to an out-of-bounds write to privileged process memory, potentially allowing a remote attacker to compromise data integrity. The vulnerability is specifically related to non-standard configurations where a preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled.

Recommendations For Firefox versions prior to 118, update to version 118 or later to resolve the issue. As a temporary workaround, consider disabling the non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) until a patch is applied.

Correção

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2023-5908

ALT-PU-2024-13898

ALT-PU-2024-14035

ALT-PU-2024-15840

ALT-PU-2024-4241

BDU:2024-03315

CVE-2023-5173

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:13272-1

OPENSUSE-SU-2024:14572-1

ROSA-SA-2024-2371

USN-6404-1

USN-6404-2

Produtos afetados

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2023-9060 · Mozilla+4 · Firefox+4

CVE-2023-5173

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2081