VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-3c3j-c797-aaae

Essentials
Severities (97)
References (54)
Severity details (14)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-3c3j-c797-aaae
Aliases	CVE-2023-25735
Summary	Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25735.json
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00156	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00169	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00169	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00191	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00228	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
epss	0.01747	https://api.first.org/data/v1/epss?cve=CVE-2023-25735
cvssv3.1	8.8	https://bugzilla.mozilla.org/show_bug.cgi?id=1810711
ssvc	Track*	https://bugzilla.mozilla.org/show_bug.cgi?id=1810711
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-25735
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-25735
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-05
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-06
generic_textual	low	https://www.mozilla.org/en-US/security/advisories/mfsa2023-07
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2023-05/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-05/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2023-06/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-06/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2023-07/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-07/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25735.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-25735
		https://bugzilla.mozilla.org/show_bug.cgi?id=1810711
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746
		https://www.mozilla.org/security/advisories/mfsa2023-05/
		https://www.mozilla.org/security/advisories/mfsa2023-06/
		https://www.mozilla.org/security/advisories/mfsa2023-07/
2170378		https://bugzilla.redhat.com/show_bug.cgi?id=2170378
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2023-25735		https://nvd.nist.gov/vuln/detail/CVE-2023-25735
GLSA-202305-35		https://security.gentoo.org/glsa/202305-35
mfsa2023-05		https://www.mozilla.org/en-US/security/advisories/mfsa2023-05
mfsa2023-06		https://www.mozilla.org/en-US/security/advisories/mfsa2023-06
mfsa2023-07		https://www.mozilla.org/en-US/security/advisories/mfsa2023-07
RHSA-2023:0805		https://access.redhat.com/errata/RHSA-2023:0805
RHSA-2023:0806		https://access.redhat.com/errata/RHSA-2023:0806
RHSA-2023:0807		https://access.redhat.com/errata/RHSA-2023:0807
RHSA-2023:0808		https://access.redhat.com/errata/RHSA-2023:0808
RHSA-2023:0809		https://access.redhat.com/errata/RHSA-2023:0809
RHSA-2023:0810		https://access.redhat.com/errata/RHSA-2023:0810
RHSA-2023:0811		https://access.redhat.com/errata/RHSA-2023:0811
RHSA-2023:0812		https://access.redhat.com/errata/RHSA-2023:0812
RHSA-2023:0817		https://access.redhat.com/errata/RHSA-2023:0817
RHSA-2023:0818		https://access.redhat.com/errata/RHSA-2023:0818
RHSA-2023:0819		https://access.redhat.com/errata/RHSA-2023:0819
RHSA-2023:0820		https://access.redhat.com/errata/RHSA-2023:0820
RHSA-2023:0821		https://access.redhat.com/errata/RHSA-2023:0821
RHSA-2023:0822		https://access.redhat.com/errata/RHSA-2023:0822
RHSA-2023:0823		https://access.redhat.com/errata/RHSA-2023:0823
RHSA-2023:0824		https://access.redhat.com/errata/RHSA-2023:0824
USN-5880-1		https://usn.ubuntu.com/5880-1/
USN-5943-1		https://usn.ubuntu.com/5943-1/
USN-6120-1		https://usn.ubuntu.com/6120-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25735.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1810711

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:20Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1810711

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-25735

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-25735

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2023-05/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:20Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-05/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2023-06/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:20Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-06/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2023-07/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:59:20Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-07/

Exploit Prediction Scoring System (EPSS)

Percentile	0.37394
EPSS Score	0.00156
Published At	May 31, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.