Search for vulnerabilities
Vulnerability details: VCID-3mfc-xmpc-aaad
Vulnerability ID VCID-3mfc-xmpc-aaad
Aliases CVE-2023-4573
Summary When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4573.json
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
epss 0.02165 https://api.first.org/data/v1/epss?cve=CVE-2023-4573
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4573
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4573
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-34
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-35
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-36
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-37
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-38
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4573.json
https://api.first.org/data/v1/epss?cve=CVE-2023-4573
https://bugzilla.mozilla.org/show_bug.cgi?id=1846687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4584
https://www.mozilla.org/security/advisories/mfsa2023-34/
https://www.mozilla.org/security/advisories/mfsa2023-35/
https://www.mozilla.org/security/advisories/mfsa2023-36/
https://www.mozilla.org/security/advisories/mfsa2023-37/
https://www.mozilla.org/security/advisories/mfsa2023-38/
2236071 https://bugzilla.redhat.com/show_bug.cgi?id=2236071
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2023-4573 https://nvd.nist.gov/vuln/detail/CVE-2023-4573
GLSA-202402-25 https://security.gentoo.org/glsa/202402-25
mfsa2023-34 https://www.mozilla.org/en-US/security/advisories/mfsa2023-34
mfsa2023-35 https://www.mozilla.org/en-US/security/advisories/mfsa2023-35
mfsa2023-36 https://www.mozilla.org/en-US/security/advisories/mfsa2023-36
mfsa2023-37 https://www.mozilla.org/en-US/security/advisories/mfsa2023-37
mfsa2023-38 https://www.mozilla.org/en-US/security/advisories/mfsa2023-38
RHSA-2023:4945 https://access.redhat.com/errata/RHSA-2023:4945
RHSA-2023:4946 https://access.redhat.com/errata/RHSA-2023:4946
RHSA-2023:4947 https://access.redhat.com/errata/RHSA-2023:4947
RHSA-2023:4948 https://access.redhat.com/errata/RHSA-2023:4948
RHSA-2023:4949 https://access.redhat.com/errata/RHSA-2023:4949
RHSA-2023:4950 https://access.redhat.com/errata/RHSA-2023:4950
RHSA-2023:4951 https://access.redhat.com/errata/RHSA-2023:4951
RHSA-2023:4952 https://access.redhat.com/errata/RHSA-2023:4952
RHSA-2023:4954 https://access.redhat.com/errata/RHSA-2023:4954
RHSA-2023:4955 https://access.redhat.com/errata/RHSA-2023:4955
RHSA-2023:4956 https://access.redhat.com/errata/RHSA-2023:4956
RHSA-2023:4957 https://access.redhat.com/errata/RHSA-2023:4957
RHSA-2023:4958 https://access.redhat.com/errata/RHSA-2023:4958
RHSA-2023:4959 https://access.redhat.com/errata/RHSA-2023:4959
RHSA-2023:5019 https://access.redhat.com/errata/RHSA-2023:5019
USN-6320-1 https://usn.ubuntu.com/6320-1/
USN-6368-1 https://usn.ubuntu.com/6368-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4573.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4573
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4573
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.47363
EPSS Score 0.00121
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.