← volver
CVE-2023-4574

Memory corruption in IPC ColorPickerShownCallback

EPSS 0.6%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 sep 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →