VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-1zj8-9xa4-eydr

Essentials
Severities (29)
References (49)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-1zj8-9xa4-eydr
Aliases	CVE-2023-6212
Summary	Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-787	Out-of-bounds Write

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6212.json
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
epss	0.0034	https://api.first.org/data/v1/epss?cve=CVE-2023-6212
ssvc	Track	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-6212
ssvc	Track	https://www.debian.org/security/2023/dsa-5561
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-49
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-50
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-52
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-49/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-50/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-52/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6212.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-6212
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6204
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6205
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6206
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6207
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6208
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6209
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6212
2250902		https://bugzilla.redhat.com/show_bug.cgi?id=2250902
buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782		https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
CVE-2023-6212		https://nvd.nist.gov/vuln/detail/CVE-2023-6212
dsa-5561		https://www.debian.org/security/2023/dsa-5561
mfsa2023-49		https://www.mozilla.org/en-US/security/advisories/mfsa2023-49
mfsa2023-49		https://www.mozilla.org/security/advisories/mfsa2023-49/
mfsa2023-50		https://www.mozilla.org/en-US/security/advisories/mfsa2023-50
mfsa2023-50		https://www.mozilla.org/security/advisories/mfsa2023-50/
mfsa2023-52		https://www.mozilla.org/en-US/security/advisories/mfsa2023-52
mfsa2023-52		https://www.mozilla.org/security/advisories/mfsa2023-52/
msg00017.html		https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html
msg00030.html		https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html
RHSA-2023:7499		https://access.redhat.com/errata/RHSA-2023:7499
RHSA-2023:7500		https://access.redhat.com/errata/RHSA-2023:7500
RHSA-2023:7501		https://access.redhat.com/errata/RHSA-2023:7501
RHSA-2023:7502		https://access.redhat.com/errata/RHSA-2023:7502
RHSA-2023:7503		https://access.redhat.com/errata/RHSA-2023:7503
RHSA-2023:7504		https://access.redhat.com/errata/RHSA-2023:7504
RHSA-2023:7505		https://access.redhat.com/errata/RHSA-2023:7505
RHSA-2023:7506		https://access.redhat.com/errata/RHSA-2023:7506
RHSA-2023:7507		https://access.redhat.com/errata/RHSA-2023:7507
RHSA-2023:7508		https://access.redhat.com/errata/RHSA-2023:7508
RHSA-2023:7509		https://access.redhat.com/errata/RHSA-2023:7509
RHSA-2023:7510		https://access.redhat.com/errata/RHSA-2023:7510
RHSA-2023:7511		https://access.redhat.com/errata/RHSA-2023:7511
RHSA-2023:7512		https://access.redhat.com/errata/RHSA-2023:7512
RHSA-2023:7547		https://access.redhat.com/errata/RHSA-2023:7547
RHSA-2023:7569		https://access.redhat.com/errata/RHSA-2023:7569
RHSA-2023:7570		https://access.redhat.com/errata/RHSA-2023:7570
RHSA-2023:7573		https://access.redhat.com/errata/RHSA-2023:7573
RHSA-2023:7574		https://access.redhat.com/errata/RHSA-2023:7574
RHSA-2023:7577		https://access.redhat.com/errata/RHSA-2023:7577
USN-6509-1		https://usn.ubuntu.com/6509-1/
USN-6515-1		https://usn.ubuntu.com/6515-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6212.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T18:37:05Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T18:37:05Z/ Found at https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T18:37:05Z/ Found at https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6212

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T18:37:05Z/ Found at https://www.debian.org/security/2023/dsa-5561

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T18:37:05Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-49/

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T18:37:05Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-50/

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T18:37:05Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-52/

Exploit Prediction Scoring System (EPSS)

Percentile	0.56028
EPSS Score	0.0034
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:34.888942+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-50.yml	37.0.0