CVE-2023-5170
Published: 27 September 2023
Summary
CVE-2023-5170 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in Mozilla Firefox. Its CVSS base score is 7.4 (High).
Operationally, it ranks at the 39.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-57507
Vulnerability details
In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.