{"url":"http://public2.vulnerablecode.io/api/packages/387109?format=json","purl":"pkg:mozilla/Firefox%20ESR@102.15.0","type":"mozilla","namespace":"","name":"Firefox ESR","version":"102.15.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"102.15.1","latest_non_vulnerable_version":"140.11.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139815?format=json","vulnerability_id":"VCID-ezs2-dmsv-1ygm","summary":"When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4573.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4573.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4573","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33437","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4584","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4584"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236071","reference_id":"2236071","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236071"},{"reference_url":"https://security.gentoo.org/glsa/202402-25","reference_id":"GLSA-202402-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-34"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-34/","reference_id":"mfsa2023-34","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T15:08:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-34/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-35","reference_id":"mfsa2023-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-35"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-35/","reference_id":"mfsa2023-35","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T15:08:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-35/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-36/","reference_id":"mfsa2023-36","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T15:08:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-37","reference_id":"mfsa2023-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-37"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-37/","reference_id":"mfsa2023-37","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T15:08:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-37/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-38/","reference_id":"mfsa2023-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T15:08:18Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4945","reference_id":"RHSA-2023:4945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4946","reference_id":"RHSA-2023:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4947","reference_id":"RHSA-2023:4947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4948","reference_id":"RHSA-2023:4948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4949","reference_id":"RHSA-2023:4949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4950","reference_id":"RHSA-2023:4950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4951","reference_id":"RHSA-2023:4951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4952","reference_id":"RHSA-2023:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4954","reference_id":"RHSA-2023:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4955","reference_id":"RHSA-2023:4955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4956","reference_id":"RHSA-2023:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4957","reference_id":"RHSA-2023:4957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4958","reference_id":"RHSA-2023:4958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4959","reference_id":"RHSA-2023:4959","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4959"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5019","reference_id":"RHSA-2023:5019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5019"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1846687","reference_id":"show_bug.cgi?id=1846687","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-26T15:08:18Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1846687"},{"reference_url":"https://usn.ubuntu.com/6320-1/","reference_id":"USN-6320-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6320-1/"},{"reference_url":"https://usn.ubuntu.com/6368-1/","reference_id":"USN-6368-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6368-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/387109?format=json","purl":"pkg:mozilla/Firefox%20ESR@102.15.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@102.15.0"},{"url":"http://public2.vulnerablecode.io/api/packages/387070?format=json","purl":"pkg:mozilla/Firefox%20ESR@115.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@115.2.0"}],"aliases":["CVE-2023-4573"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezs2-dmsv-1ygm"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@102.15.0"}