Windows Integer Overflow Vulnerability in RecordedSourceSurfaceCreation

Windows Integer Overflow Vulnerability in RecordedSourceSurfaceCreation

CVE-2023-4576 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Learn more about our Cis Benchmark Audit For Operating Systems.