Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community

Type apk

Namespace alpine

Name firefox-esr

Version 115.1.0-r0

Qualifiers

arch	loongarch64
distroversion	v3.21
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 115.2.0-r0

Latest_non_vulnerable_version 115.6.0-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3h6z-s6mj-mqgf

vulnerability_id VCID-3h6z-s6mj-mqgf

summary Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4056.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4056.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4056

reference_id

reference_type

scores

value	0.00645
scoring_system	epss
scoring_elements	0.71292
published_at	2026-06-14T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.71192
published_at	2026-06-11T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.71282
published_at	2026-06-12T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.71294
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4056

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228370
reference_id	2228370
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228370

reference_url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847

reference_id

buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/

url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847

reference_url

https://www.debian.org/security/2023/dsa-5464

reference_id

dsa-5464

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/

url

https://www.debian.org/security/2023/dsa-5464

reference_url

https://www.debian.org/security/2023/dsa-5469

reference_id

dsa-5469

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/

url

https://www.debian.org/security/2023/dsa-5469

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_id

mfsa2023-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_id

mfsa2023-30

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_id

mfsa2023-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_id

msg00008.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_url	https://access.redhat.com/errata/RHSA-2023:4460
reference_id	RHSA-2023:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4460

reference_url	https://access.redhat.com/errata/RHSA-2023:4461
reference_id	RHSA-2023:4461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4461

reference_url	https://access.redhat.com/errata/RHSA-2023:4462
reference_id	RHSA-2023:4462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4462

reference_url	https://access.redhat.com/errata/RHSA-2023:4463
reference_id	RHSA-2023:4463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4463

reference_url	https://access.redhat.com/errata/RHSA-2023:4464
reference_id	RHSA-2023:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4464

reference_url	https://access.redhat.com/errata/RHSA-2023:4465
reference_id	RHSA-2023:4465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4465

reference_url	https://access.redhat.com/errata/RHSA-2023:4468
reference_id	RHSA-2023:4468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4468

reference_url	https://access.redhat.com/errata/RHSA-2023:4469
reference_id	RHSA-2023:4469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4469

reference_url	https://access.redhat.com/errata/RHSA-2023:4492
reference_id	RHSA-2023:4492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4492

reference_url	https://access.redhat.com/errata/RHSA-2023:4493
reference_id	RHSA-2023:4493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4493

reference_url	https://access.redhat.com/errata/RHSA-2023:4494
reference_id	RHSA-2023:4494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4494

reference_url	https://access.redhat.com/errata/RHSA-2023:4495
reference_id	RHSA-2023:4495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4495

reference_url	https://access.redhat.com/errata/RHSA-2023:4496
reference_id	RHSA-2023:4496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4496

reference_url	https://access.redhat.com/errata/RHSA-2023:4497
reference_id	RHSA-2023:4497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4497

reference_url	https://access.redhat.com/errata/RHSA-2023:4499
reference_id	RHSA-2023:4499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4499

reference_url	https://access.redhat.com/errata/RHSA-2023:4500
reference_id	RHSA-2023:4500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4500

reference_url	https://usn.ubuntu.com/6267-1/
reference_id	USN-6267-1
reference_type
scores
url	https://usn.ubuntu.com/6267-1/

reference_url	https://usn.ubuntu.com/6333-1/
reference_id	USN-6333-1
reference_type
scores
url	https://usn.ubuntu.com/6333-1/

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4056

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3h6z-s6mj-mqgf

url VCID-5861-z27w-2kch

vulnerability_id VCID-5861-z27w-2kch

summary A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4047.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4047.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4047

reference_id

reference_type

scores

value	0.00621
scoring_system	epss
scoring_elements	0.70655
published_at	2026-06-14T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.70555
published_at	2026-06-11T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.70645
published_at	2026-06-12T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.70658
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228362
reference_id	2228362
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228362

reference_url

https://www.debian.org/security/2023/dsa-5464

reference_id

dsa-5464

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:16:57Z/

url

https://www.debian.org/security/2023/dsa-5464

reference_url

https://www.debian.org/security/2023/dsa-5469

reference_id

dsa-5469

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:16:57Z/

url

https://www.debian.org/security/2023/dsa-5469

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:16:57Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_id

mfsa2023-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_id

mfsa2023-30

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:16:57Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:16:57Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_id

mfsa2023-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_id

msg00008.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:16:57Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:16:57Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_url	https://access.redhat.com/errata/RHSA-2023:4460
reference_id	RHSA-2023:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4460

reference_url	https://access.redhat.com/errata/RHSA-2023:4461
reference_id	RHSA-2023:4461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4461

reference_url	https://access.redhat.com/errata/RHSA-2023:4462
reference_id	RHSA-2023:4462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4462

reference_url	https://access.redhat.com/errata/RHSA-2023:4463
reference_id	RHSA-2023:4463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4463

reference_url	https://access.redhat.com/errata/RHSA-2023:4464
reference_id	RHSA-2023:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4464

reference_url	https://access.redhat.com/errata/RHSA-2023:4465
reference_id	RHSA-2023:4465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4465

reference_url	https://access.redhat.com/errata/RHSA-2023:4468
reference_id	RHSA-2023:4468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4468

reference_url	https://access.redhat.com/errata/RHSA-2023:4469
reference_id	RHSA-2023:4469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4469

reference_url	https://access.redhat.com/errata/RHSA-2023:4492
reference_id	RHSA-2023:4492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4492

reference_url	https://access.redhat.com/errata/RHSA-2023:4493
reference_id	RHSA-2023:4493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4493

reference_url	https://access.redhat.com/errata/RHSA-2023:4494
reference_id	RHSA-2023:4494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4494

reference_url	https://access.redhat.com/errata/RHSA-2023:4495
reference_id	RHSA-2023:4495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4495

reference_url	https://access.redhat.com/errata/RHSA-2023:4496
reference_id	RHSA-2023:4496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4496

reference_url	https://access.redhat.com/errata/RHSA-2023:4497
reference_id	RHSA-2023:4497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4497

reference_url	https://access.redhat.com/errata/RHSA-2023:4499
reference_id	RHSA-2023:4499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4499

reference_url	https://access.redhat.com/errata/RHSA-2023:4500
reference_id	RHSA-2023:4500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4500

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1839073

reference_id

show_bug.cgi?id=1839073

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:16:57Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1839073

reference_url	https://usn.ubuntu.com/6267-1/
reference_id	USN-6267-1
reference_type
scores
url	https://usn.ubuntu.com/6267-1/

reference_url	https://usn.ubuntu.com/6333-1/
reference_id	USN-6333-1
reference_type
scores
url	https://usn.ubuntu.com/6333-1/

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4047

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5861-z27w-2kch

url VCID-adfe-j1mn-jyg8

vulnerability_id VCID-adfe-j1mn-jyg8

summary When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4055.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4055.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4055

reference_id

reference_type

scores

value	0.00371
scoring_system	epss
scoring_elements	0.59451
published_at	2026-06-14T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.59338
published_at	2026-06-11T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.59448
published_at	2026-06-12T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.5946
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228367
reference_id	2228367
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228367

reference_url

https://www.debian.org/security/2023/dsa-5464

reference_id

dsa-5464

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/

url

https://www.debian.org/security/2023/dsa-5464

reference_url

https://www.debian.org/security/2023/dsa-5469

reference_id

dsa-5469

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/

url

https://www.debian.org/security/2023/dsa-5469

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_id

mfsa2023-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_id

mfsa2023-30

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_id

mfsa2023-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_id

msg00008.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_url	https://access.redhat.com/errata/RHSA-2023:4460
reference_id	RHSA-2023:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4460

reference_url	https://access.redhat.com/errata/RHSA-2023:4461
reference_id	RHSA-2023:4461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4461

reference_url	https://access.redhat.com/errata/RHSA-2023:4462
reference_id	RHSA-2023:4462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4462

reference_url	https://access.redhat.com/errata/RHSA-2023:4463
reference_id	RHSA-2023:4463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4463

reference_url	https://access.redhat.com/errata/RHSA-2023:4464
reference_id	RHSA-2023:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4464

reference_url	https://access.redhat.com/errata/RHSA-2023:4465
reference_id	RHSA-2023:4465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4465

reference_url	https://access.redhat.com/errata/RHSA-2023:4468
reference_id	RHSA-2023:4468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4468

reference_url	https://access.redhat.com/errata/RHSA-2023:4469
reference_id	RHSA-2023:4469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4469

reference_url	https://access.redhat.com/errata/RHSA-2023:4492
reference_id	RHSA-2023:4492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4492

reference_url	https://access.redhat.com/errata/RHSA-2023:4493
reference_id	RHSA-2023:4493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4493

reference_url	https://access.redhat.com/errata/RHSA-2023:4494
reference_id	RHSA-2023:4494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4494

reference_url	https://access.redhat.com/errata/RHSA-2023:4495
reference_id	RHSA-2023:4495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4495

reference_url	https://access.redhat.com/errata/RHSA-2023:4496
reference_id	RHSA-2023:4496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4496

reference_url	https://access.redhat.com/errata/RHSA-2023:4497
reference_id	RHSA-2023:4497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4497

reference_url	https://access.redhat.com/errata/RHSA-2023:4499
reference_id	RHSA-2023:4499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4499

reference_url	https://access.redhat.com/errata/RHSA-2023:4500
reference_id	RHSA-2023:4500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4500

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1782561

reference_id

show_bug.cgi?id=1782561

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:30:02Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1782561

reference_url	https://usn.ubuntu.com/6267-1/
reference_id	USN-6267-1
reference_type
scores
url	https://usn.ubuntu.com/6267-1/

reference_url	https://usn.ubuntu.com/6333-1/
reference_id	USN-6333-1
reference_type
scores
url	https://usn.ubuntu.com/6333-1/

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4055

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-adfe-j1mn-jyg8

url VCID-c2yr-56yz-1ye2

vulnerability_id VCID-c2yr-56yz-1ye2

summary Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4057.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4057.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4057

reference_id

reference_type

scores

value	0.0023
scoring_system	epss
scoring_elements	0.46067
published_at	2026-06-14T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.46081
published_at	2026-06-13T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.46074
published_at	2026-06-12T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45929
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4057

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228371
reference_id	2228371
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228371

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:20:29Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:20:29Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-33/

reference_id

mfsa2023-33

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:20:29Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-33/

reference_url	https://access.redhat.com/errata/RHSA-2023:4460
reference_id	RHSA-2023:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4460

reference_url	https://access.redhat.com/errata/RHSA-2023:4461
reference_id	RHSA-2023:4461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4461

reference_url	https://access.redhat.com/errata/RHSA-2023:4462
reference_id	RHSA-2023:4462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4462

reference_url	https://access.redhat.com/errata/RHSA-2023:4463
reference_id	RHSA-2023:4463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4463

reference_url	https://access.redhat.com/errata/RHSA-2023:4464
reference_id	RHSA-2023:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4464

reference_url	https://access.redhat.com/errata/RHSA-2023:4465
reference_id	RHSA-2023:4465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4465

reference_url	https://access.redhat.com/errata/RHSA-2023:4468
reference_id	RHSA-2023:4468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4468

reference_url	https://access.redhat.com/errata/RHSA-2023:4469
reference_id	RHSA-2023:4469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4469

reference_url	https://access.redhat.com/errata/RHSA-2023:4492
reference_id	RHSA-2023:4492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4492

reference_url	https://access.redhat.com/errata/RHSA-2023:4493
reference_id	RHSA-2023:4493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4493

reference_url	https://access.redhat.com/errata/RHSA-2023:4494
reference_id	RHSA-2023:4494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4494

reference_url	https://access.redhat.com/errata/RHSA-2023:4495
reference_id	RHSA-2023:4495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4495

reference_url	https://access.redhat.com/errata/RHSA-2023:4496
reference_id	RHSA-2023:4496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4496

reference_url	https://access.redhat.com/errata/RHSA-2023:4497
reference_id	RHSA-2023:4497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4497

reference_url	https://access.redhat.com/errata/RHSA-2023:4499
reference_id	RHSA-2023:4499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4499

reference_url	https://access.redhat.com/errata/RHSA-2023:4500
reference_id	RHSA-2023:4500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4500

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1841682

reference_id

show_bug.cgi?id=1841682

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:20:29Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1841682

reference_url	https://usn.ubuntu.com/6267-1/
reference_id	USN-6267-1
reference_type
scores
url	https://usn.ubuntu.com/6267-1/

reference_url	https://usn.ubuntu.com/6405-1/
reference_id	USN-6405-1
reference_type
scores
url	https://usn.ubuntu.com/6405-1/

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4057

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2yr-56yz-1ye2

url VCID-h6nv-ygrv-kyen

vulnerability_id VCID-h6nv-ygrv-kyen

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4045.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4045.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4045

reference_id

reference_type

scores

value	0.00251
scoring_system	epss
scoring_elements	0.48871
published_at	2026-06-14T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48729
published_at	2026-06-11T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48866
published_at	2026-06-12T12:55:00Z

value	0.00251
scoring_system	epss
scoring_elements	0.48885
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4045

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228360
reference_id	2228360
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228360

reference_url

https://www.debian.org/security/2023/dsa-5464

reference_id

dsa-5464

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:29:47Z/

url

https://www.debian.org/security/2023/dsa-5464

reference_url

https://www.debian.org/security/2023/dsa-5469

reference_id

dsa-5469

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:29:47Z/

url

https://www.debian.org/security/2023/dsa-5469

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:29:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_id

mfsa2023-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_id

mfsa2023-30

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:29:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:29:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_id

mfsa2023-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_id

msg00008.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:29:47Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:29:47Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_url	https://access.redhat.com/errata/RHSA-2023:4460
reference_id	RHSA-2023:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4460

reference_url	https://access.redhat.com/errata/RHSA-2023:4461
reference_id	RHSA-2023:4461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4461

reference_url	https://access.redhat.com/errata/RHSA-2023:4462
reference_id	RHSA-2023:4462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4462

reference_url	https://access.redhat.com/errata/RHSA-2023:4463
reference_id	RHSA-2023:4463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4463

reference_url	https://access.redhat.com/errata/RHSA-2023:4464
reference_id	RHSA-2023:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4464

reference_url	https://access.redhat.com/errata/RHSA-2023:4465
reference_id	RHSA-2023:4465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4465

reference_url	https://access.redhat.com/errata/RHSA-2023:4468
reference_id	RHSA-2023:4468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4468

reference_url	https://access.redhat.com/errata/RHSA-2023:4469
reference_id	RHSA-2023:4469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4469

reference_url	https://access.redhat.com/errata/RHSA-2023:4492
reference_id	RHSA-2023:4492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4492

reference_url	https://access.redhat.com/errata/RHSA-2023:4493
reference_id	RHSA-2023:4493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4493

reference_url	https://access.redhat.com/errata/RHSA-2023:4494
reference_id	RHSA-2023:4494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4494

reference_url	https://access.redhat.com/errata/RHSA-2023:4495
reference_id	RHSA-2023:4495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4495

reference_url	https://access.redhat.com/errata/RHSA-2023:4496
reference_id	RHSA-2023:4496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4496

reference_url	https://access.redhat.com/errata/RHSA-2023:4497
reference_id	RHSA-2023:4497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4497

reference_url	https://access.redhat.com/errata/RHSA-2023:4499
reference_id	RHSA-2023:4499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4499

reference_url	https://access.redhat.com/errata/RHSA-2023:4500
reference_id	RHSA-2023:4500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4500

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1833876

reference_id

show_bug.cgi?id=1833876

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:29:47Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1833876

reference_url	https://usn.ubuntu.com/6267-1/
reference_id	USN-6267-1
reference_type
scores
url	https://usn.ubuntu.com/6267-1/

reference_url	https://usn.ubuntu.com/6333-1/
reference_id	USN-6333-1
reference_type
scores
url	https://usn.ubuntu.com/6333-1/

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4045

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6nv-ygrv-kyen

url VCID-jcek-pgfg-g3b2

vulnerability_id VCID-jcek-pgfg-g3b2

summary

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. 
*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4052.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4052.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4052

reference_id

reference_type

scores

value	0.00191
scoring_system	epss
scoring_elements	0.41017
published_at	2026-06-14T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.4103
published_at	2026-06-13T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.41008
published_at	2026-06-12T12:55:00Z

value	0.00191
scoring_system	epss
scoring_elements	0.40841
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4052

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228369
reference_id	2228369
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228369

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:38:55Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:38:55Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-33/

reference_id

mfsa2023-33

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:38:55Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-33/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1824420

reference_id

show_bug.cgi?id=1824420

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:38:55Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1824420

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4052

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcek-pgfg-g3b2

url VCID-nppc-1va3-fbc3

vulnerability_id VCID-nppc-1va3-fbc3

summary Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4049.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4049.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4049

reference_id

reference_type

scores

value	0.00229
scoring_system	epss
scoring_elements	0.45955
published_at	2026-06-14T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45816
published_at	2026-06-11T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45961
published_at	2026-06-12T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45969
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228364
reference_id	2228364
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228364

reference_url

https://www.debian.org/security/2023/dsa-5464

reference_id

dsa-5464

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/

url

https://www.debian.org/security/2023/dsa-5464

reference_url

https://www.debian.org/security/2023/dsa-5469

reference_id

dsa-5469

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/

url

https://www.debian.org/security/2023/dsa-5469

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_id

mfsa2023-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_id

mfsa2023-30

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_id

mfsa2023-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_id

msg00008.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_url	https://access.redhat.com/errata/RHSA-2023:4460
reference_id	RHSA-2023:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4460

reference_url	https://access.redhat.com/errata/RHSA-2023:4461
reference_id	RHSA-2023:4461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4461

reference_url	https://access.redhat.com/errata/RHSA-2023:4462
reference_id	RHSA-2023:4462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4462

reference_url	https://access.redhat.com/errata/RHSA-2023:4463
reference_id	RHSA-2023:4463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4463

reference_url	https://access.redhat.com/errata/RHSA-2023:4464
reference_id	RHSA-2023:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4464

reference_url	https://access.redhat.com/errata/RHSA-2023:4465
reference_id	RHSA-2023:4465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4465

reference_url	https://access.redhat.com/errata/RHSA-2023:4468
reference_id	RHSA-2023:4468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4468

reference_url	https://access.redhat.com/errata/RHSA-2023:4469
reference_id	RHSA-2023:4469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4469

reference_url	https://access.redhat.com/errata/RHSA-2023:4492
reference_id	RHSA-2023:4492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4492

reference_url	https://access.redhat.com/errata/RHSA-2023:4493
reference_id	RHSA-2023:4493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4493

reference_url	https://access.redhat.com/errata/RHSA-2023:4494
reference_id	RHSA-2023:4494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4494

reference_url	https://access.redhat.com/errata/RHSA-2023:4495
reference_id	RHSA-2023:4495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4495

reference_url	https://access.redhat.com/errata/RHSA-2023:4496
reference_id	RHSA-2023:4496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4496

reference_url	https://access.redhat.com/errata/RHSA-2023:4497
reference_id	RHSA-2023:4497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4497

reference_url	https://access.redhat.com/errata/RHSA-2023:4499
reference_id	RHSA-2023:4499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4499

reference_url	https://access.redhat.com/errata/RHSA-2023:4500
reference_id	RHSA-2023:4500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4500

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1842658

reference_id

show_bug.cgi?id=1842658

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1842658

reference_url	https://usn.ubuntu.com/6267-1/
reference_id	USN-6267-1
reference_type
scores
url	https://usn.ubuntu.com/6267-1/

reference_url	https://usn.ubuntu.com/6333-1/
reference_id	USN-6333-1
reference_type
scores
url	https://usn.ubuntu.com/6333-1/

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4049

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nppc-1va3-fbc3

url VCID-p4f1-pshk-t7eq

vulnerability_id VCID-p4f1-pshk-t7eq

summary In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4046.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4046.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4046

reference_id

reference_type

scores

value	0.00229
scoring_system	epss
scoring_elements	0.45909
published_at	2026-06-14T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45771
published_at	2026-06-11T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45916
published_at	2026-06-12T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45924
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4046

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228361
reference_id	2228361
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228361

reference_url

https://www.debian.org/security/2023/dsa-5464

reference_id

dsa-5464

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/

url

https://www.debian.org/security/2023/dsa-5464

reference_url

https://www.debian.org/security/2023/dsa-5469

reference_id

dsa-5469

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/

url

https://www.debian.org/security/2023/dsa-5469

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_id

mfsa2023-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_id

mfsa2023-30

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_id

mfsa2023-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_id

msg00008.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_url	https://access.redhat.com/errata/RHSA-2023:4460
reference_id	RHSA-2023:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4460

reference_url	https://access.redhat.com/errata/RHSA-2023:4461
reference_id	RHSA-2023:4461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4461

reference_url	https://access.redhat.com/errata/RHSA-2023:4462
reference_id	RHSA-2023:4462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4462

reference_url	https://access.redhat.com/errata/RHSA-2023:4463
reference_id	RHSA-2023:4463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4463

reference_url	https://access.redhat.com/errata/RHSA-2023:4464
reference_id	RHSA-2023:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4464

reference_url	https://access.redhat.com/errata/RHSA-2023:4465
reference_id	RHSA-2023:4465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4465

reference_url	https://access.redhat.com/errata/RHSA-2023:4468
reference_id	RHSA-2023:4468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4468

reference_url	https://access.redhat.com/errata/RHSA-2023:4469
reference_id	RHSA-2023:4469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4469

reference_url	https://access.redhat.com/errata/RHSA-2023:4492
reference_id	RHSA-2023:4492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4492

reference_url	https://access.redhat.com/errata/RHSA-2023:4493
reference_id	RHSA-2023:4493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4493

reference_url	https://access.redhat.com/errata/RHSA-2023:4494
reference_id	RHSA-2023:4494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4494

reference_url	https://access.redhat.com/errata/RHSA-2023:4495
reference_id	RHSA-2023:4495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4495

reference_url	https://access.redhat.com/errata/RHSA-2023:4496
reference_id	RHSA-2023:4496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4496

reference_url	https://access.redhat.com/errata/RHSA-2023:4497
reference_id	RHSA-2023:4497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4497

reference_url	https://access.redhat.com/errata/RHSA-2023:4499
reference_id	RHSA-2023:4499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4499

reference_url	https://access.redhat.com/errata/RHSA-2023:4500
reference_id	RHSA-2023:4500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4500

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1837686

reference_id

show_bug.cgi?id=1837686

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:25:12Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1837686

reference_url	https://usn.ubuntu.com/6267-1/
reference_id	USN-6267-1
reference_type
scores
url	https://usn.ubuntu.com/6267-1/

reference_url	https://usn.ubuntu.com/6333-1/
reference_id	USN-6333-1
reference_type
scores
url	https://usn.ubuntu.com/6333-1/

reference_url	https://usn.ubuntu.com/6406-1/
reference_id	USN-6406-1
reference_type
scores
url	https://usn.ubuntu.com/6406-1/

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4046

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4f1-pshk-t7eq

url VCID-rqb9-n7mt-wkce

vulnerability_id VCID-rqb9-n7mt-wkce

summary

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. 
*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4054.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4054.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4054

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10539
published_at	2026-06-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10574
published_at	2026-06-14T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10599
published_at	2026-06-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10597
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4054

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228366
reference_id	2228366
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228366

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_id

mfsa2023-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_id

mfsa2023-30

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_id

mfsa2023-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-32/

reference_id

mfsa2023-32

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-32/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-33/

reference_id

mfsa2023-33

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-33/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1840777

reference_id

show_bug.cgi?id=1840777

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:37:04Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1840777

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4054

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqb9-n7mt-wkce

url VCID-stbg-nwyy-qqee

vulnerability_id VCID-stbg-nwyy-qqee

summary In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4050.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4050.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4050

reference_id

reference_type

scores

value	0.03618
scoring_system	epss
scoring_elements	0.88108
published_at	2026-06-14T12:55:00Z

value	0.03618
scoring_system	epss
scoring_elements	0.88063
published_at	2026-06-11T12:55:00Z

value	0.03618
scoring_system	epss
scoring_elements	0.88103
published_at	2026-06-12T12:55:00Z

value	0.03618
scoring_system	epss
scoring_elements	0.88109
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228365
reference_id	2228365
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228365

reference_url

https://www.debian.org/security/2023/dsa-5464

reference_id

dsa-5464

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/

url

https://www.debian.org/security/2023/dsa-5464

reference_url

https://www.debian.org/security/2023/dsa-5469

reference_id

dsa-5469

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/

url

https://www.debian.org/security/2023/dsa-5469

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_id

mfsa2023-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_id

mfsa2023-30

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_id

mfsa2023-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_id

msg00008.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_url	https://access.redhat.com/errata/RHSA-2023:4460
reference_id	RHSA-2023:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4460

reference_url	https://access.redhat.com/errata/RHSA-2023:4461
reference_id	RHSA-2023:4461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4461

reference_url	https://access.redhat.com/errata/RHSA-2023:4462
reference_id	RHSA-2023:4462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4462

reference_url	https://access.redhat.com/errata/RHSA-2023:4463
reference_id	RHSA-2023:4463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4463

reference_url	https://access.redhat.com/errata/RHSA-2023:4464
reference_id	RHSA-2023:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4464

reference_url	https://access.redhat.com/errata/RHSA-2023:4465
reference_id	RHSA-2023:4465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4465

reference_url	https://access.redhat.com/errata/RHSA-2023:4468
reference_id	RHSA-2023:4468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4468

reference_url	https://access.redhat.com/errata/RHSA-2023:4469
reference_id	RHSA-2023:4469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4469

reference_url	https://access.redhat.com/errata/RHSA-2023:4492
reference_id	RHSA-2023:4492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4492

reference_url	https://access.redhat.com/errata/RHSA-2023:4493
reference_id	RHSA-2023:4493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4493

reference_url	https://access.redhat.com/errata/RHSA-2023:4494
reference_id	RHSA-2023:4494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4494

reference_url	https://access.redhat.com/errata/RHSA-2023:4495
reference_id	RHSA-2023:4495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4495

reference_url	https://access.redhat.com/errata/RHSA-2023:4496
reference_id	RHSA-2023:4496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4496

reference_url	https://access.redhat.com/errata/RHSA-2023:4497
reference_id	RHSA-2023:4497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4497

reference_url	https://access.redhat.com/errata/RHSA-2023:4499
reference_id	RHSA-2023:4499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4499

reference_url	https://access.redhat.com/errata/RHSA-2023:4500
reference_id	RHSA-2023:4500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4500

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1843038

reference_id

show_bug.cgi?id=1843038

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T14:46:27Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1843038

reference_url	https://usn.ubuntu.com/6267-1/
reference_id	USN-6267-1
reference_type
scores
url	https://usn.ubuntu.com/6267-1/

reference_url	https://usn.ubuntu.com/6333-1/
reference_id	USN-6333-1
reference_type
scores
url	https://usn.ubuntu.com/6333-1/

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4050

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stbg-nwyy-qqee

url VCID-w2ww-tdyv-ryay

vulnerability_id VCID-w2ww-tdyv-ryay

summary An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4048.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4048.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4048

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.56327
published_at	2026-06-14T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.56203
published_at	2026-06-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.56323
published_at	2026-06-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.56338
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2228363
reference_id	2228363
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2228363

reference_url

https://www.debian.org/security/2023/dsa-5464

reference_id

dsa-5464

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/

url

https://www.debian.org/security/2023/dsa-5464

reference_url

https://www.debian.org/security/2023/dsa-5469

reference_id

dsa-5469

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/

url

https://www.debian.org/security/2023/dsa-5469

reference_url	https://security.gentoo.org/glsa/202402-25
reference_id	GLSA-202402-25
reference_type
scores
url	https://security.gentoo.org/glsa/202402-25

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_id

mfsa2023-29

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-29

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_id

mfsa2023-29

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-29/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_id

mfsa2023-30

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-30

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_id

mfsa2023-30

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-30/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_id

mfsa2023-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-31

reference_url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_id

mfsa2023-31

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/

url

https://www.mozilla.org/security/advisories/mfsa2023-31/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_id

mfsa2023-32

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-32

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_id

mfsa2023-33

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-33

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_id

msg00008.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

reference_url	https://access.redhat.com/errata/RHSA-2023:4460
reference_id	RHSA-2023:4460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4460

reference_url	https://access.redhat.com/errata/RHSA-2023:4461
reference_id	RHSA-2023:4461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4461

reference_url	https://access.redhat.com/errata/RHSA-2023:4462
reference_id	RHSA-2023:4462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4462

reference_url	https://access.redhat.com/errata/RHSA-2023:4463
reference_id	RHSA-2023:4463
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4463

reference_url	https://access.redhat.com/errata/RHSA-2023:4464
reference_id	RHSA-2023:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4464

reference_url	https://access.redhat.com/errata/RHSA-2023:4465
reference_id	RHSA-2023:4465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4465

reference_url	https://access.redhat.com/errata/RHSA-2023:4468
reference_id	RHSA-2023:4468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4468

reference_url	https://access.redhat.com/errata/RHSA-2023:4469
reference_id	RHSA-2023:4469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4469

reference_url	https://access.redhat.com/errata/RHSA-2023:4492
reference_id	RHSA-2023:4492
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4492

reference_url	https://access.redhat.com/errata/RHSA-2023:4493
reference_id	RHSA-2023:4493
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4493

reference_url	https://access.redhat.com/errata/RHSA-2023:4494
reference_id	RHSA-2023:4494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4494

reference_url	https://access.redhat.com/errata/RHSA-2023:4495
reference_id	RHSA-2023:4495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4495

reference_url	https://access.redhat.com/errata/RHSA-2023:4496
reference_id	RHSA-2023:4496
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4496

reference_url	https://access.redhat.com/errata/RHSA-2023:4497
reference_id	RHSA-2023:4497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4497

reference_url	https://access.redhat.com/errata/RHSA-2023:4499
reference_id	RHSA-2023:4499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4499

reference_url	https://access.redhat.com/errata/RHSA-2023:4500
reference_id	RHSA-2023:4500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4500

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1841368

reference_id

show_bug.cgi?id=1841368

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1841368

reference_url	https://usn.ubuntu.com/6267-1/
reference_id	USN-6267-1
reference_type
scores
url	https://usn.ubuntu.com/6267-1/

reference_url	https://usn.ubuntu.com/6333-1/
reference_id	USN-6333-1
reference_type
scores
url	https://usn.ubuntu.com/6333-1/

fixed_packages

url	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/firefox-esr@115.1.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

aliases CVE-2023-4048

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2ww-tdyv-ryay

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@115.1.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

Package Instance