PT-2023-4746 · Google+5 · Angle+7

Dohyun Lee

Published

2023-08-29

Updated

2025-03-14

CVE-2023-4582

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 117 Firefox ESR versions prior to 115.2 Thunderbird versions prior to 115.2

Description The issue is related to a buffer overflow in the handling of private shader memory on macOS, specifically due to lenient allocation checks in Angle for glsl shaders. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is known to affect Firefox on macOS, while other operating systems are unaffected.

Recommendations For Firefox versions prior to 117, update to version 117 or later to resolve the issue. For Firefox ESR versions prior to 115.2, update to version 115.2 or later to resolve the issue. For Thunderbird versions prior to 115.2, update to version 115.2 or later to resolve the issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-120

Related Identifiers

ALT-PU-2023-5213

ALT-PU-2023-5754

ALT-PU-2023-5836

ALT-PU-2023-6436

ALT-PU-2024-14035

ALT-PU-2024-3614

ALT-PU-2024-3860

ALT-PU-2024-4241

ALT-PU-2024-4748

BDU:2023-05180

CVE-2023-4582

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2023_3519-1

OPENSUSE-SU-2023_3664-1

OPENSUSE-SU-2024:13176-1

OPENSUSE-SU-2024:13197-1

OPENSUSE-SU-2024:13202-1

OPENSUSE-SU-2024:14572-1

ROSA-SA-2024-2371

SUSE-SU-2023:3519-1

SUSE-SU-2023:3559-1

SUSE-SU-2023:3562-1

SUSE-SU-2023:3664-1

Affected Products

Alt Linux

Angle

Astra Linux

Firefox

Firefox Esr

Red Os

Suse

Thunderbird

PT-2023-4746 · Google+5 · Angle+7

CVE-2023-4582

Weakness Enumeration

Related Identifiers

Affected Products

References · 2091