PT-2023-9060 · Mozilla+4 · Firefox+4

Ronald Crane

Published

2023-03-18

Updated

2025-03-14

CVE-2023-5173

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 118

Description The issue is related to an integer overflow in the Alternate Services component of the Firefox web browser. This could lead to an out-of-bounds write to privileged process memory, potentially allowing a remote attacker to compromise data integrity. The vulnerability is specifically related to non-standard configurations where a preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled.

Recommendations For Firefox versions prior to 118, update to version 118 or later to resolve the issue. As a temporary workaround, consider disabling the non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) until a patch is applied.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2023-5908

ALT-PU-2024-13898

ALT-PU-2024-14035

ALT-PU-2024-15840

ALT-PU-2024-4241

BDU:2024-03315

CVE-2023-5173

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:13272-1

OPENSUSE-SU-2024:14572-1

ROSA-SA-2024-2371

USN-6404-1

USN-6404-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2023-9060 · Mozilla+4 · Firefox+4

CVE-2023-5173

Weakness Enumeration

Related Identifiers

Affected Products

References · 2081