Integer Overflow Vulnerability in Firefox with Non-Standard Configuration

Integer Overflow Vulnerability in Firefox with Non-Standard Configuration

CVE-2023-5173 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118.

Learn more about our Web App Pen Testing.