Cnet mozilla firefox 64 bit11/18/2023 ![]() #CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation Reporter fffvr Impact high Description This could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. #CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback Reporter sonakkbi Impact high Description ![]() When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. #CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback Reporter sonakkbi Impact high Description When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. #CVE-2023-4573: Memory corruption in IPC CanvasTranslator Reporter sonakkbi Impact high Description In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. Mozilla Foundation Security Advisory 2023-37 Security Vulnerabilities fixed in Thunderbird 102.15 Announced AugImpact high Products Thunderbird Fixed in
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |