Sandbox escape due to incorrect boundary conditions in the Networking component
Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
Description: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Metrics
Version
Base score
Base severity
Vector
3.1
9.6
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Version:3.1
Base score:9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
Event
Date
Replaced By
Rejected Reason
References
Hyperlink
Resource
2. firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:
Sandbox escape due to incorrect boundary conditions in the Networking component