CVE-2023-29531

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 112 Firefox ESR versions prior to 102.10 Thunderbird versions prior to 102.10

Description An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This issue affects Firefox and Thunderbird for macOS, with other operating systems being unaffected. The vulnerability may allow a remote attacker to execute arbitrary code by tricking the victim into visiting a specially crafted website, initiating a buffer overflow, and executing arbitrary code in the target system.

Recommendations For Firefox versions prior to 112, update to version 112 or later to resolve the issue. For Firefox ESR versions prior to 102.10, update to version 102.10 or later to resolve the issue. For Thunderbird versions prior to 102.10, update to version 102.10 or later to resolve the issue. As a temporary workaround, consider disabling the WebGL API until a patch is available. Restrict access to potentially vulnerable websites to minimize the risk of exploitation. Avoid using untrusted input data in the WebGL API to prevent buffer overflows.