CVE-2023-5169 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Debian Debian Linux. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 47.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird <…
Adversaries may exploit vulnerabilities to evade detection by hiding activity, suppressing logging, or operating within trusted or unmonitored components.
The vulnerability enables a compromised sandboxed content process to perform an out-of-bounds write in a privileged process, facilitating exploitation for privilege escalation (T1068) and defense evasion via sandbox escape (T1211).
Affected Assets
mozilla
firefox
≤ 118
mozilla
firefox esr
≤ 115.3
mozilla
thunderbird
≤ 115.3
debian
debian linux
10.0, 11.0, 12.0
fedoraproject
fedora
39
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.