Search for vulnerabilities
Vulnerability details: VCID-4jjd-4pu5-aaad
Vulnerability ID VCID-4jjd-4pu5-aaad
Aliases CVE-2023-6857
Summary When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-363 Race Condition Enabling Link Following
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6857.json
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00104 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00254 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.00495 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
epss 0.01375 https://api.first.org/data/v1/epss?cve=CVE-2023-6857
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-6857
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2023-6857
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-54
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-55
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-56
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6857.json
https://api.first.org/data/v1/epss?cve=CVE-2023-6857
https://bugzilla.mozilla.org/show_bug.cgi?id=1796023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6873
https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html
https://www.debian.org/security/2023/dsa-5581
https://www.debian.org/security/2023/dsa-5582
https://www.mozilla.org/security/advisories/mfsa2023-54/
https://www.mozilla.org/security/advisories/mfsa2023-55/
https://www.mozilla.org/security/advisories/mfsa2023-56/
2255362 https://bugzilla.redhat.com/show_bug.cgi?id=2255362
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-6857 https://nvd.nist.gov/vuln/detail/CVE-2023-6857
GLSA-202401-10 https://security.gentoo.org/glsa/202401-10
GLSA-202402-25 https://security.gentoo.org/glsa/202402-25
mfsa2023-54 https://www.mozilla.org/en-US/security/advisories/mfsa2023-54
mfsa2023-55 https://www.mozilla.org/en-US/security/advisories/mfsa2023-55
mfsa2023-56 https://www.mozilla.org/en-US/security/advisories/mfsa2023-56
RHSA-2024:0001 https://access.redhat.com/errata/RHSA-2024:0001
RHSA-2024:0002 https://access.redhat.com/errata/RHSA-2024:0002
RHSA-2024:0003 https://access.redhat.com/errata/RHSA-2024:0003
RHSA-2024:0004 https://access.redhat.com/errata/RHSA-2024:0004
RHSA-2024:0005 https://access.redhat.com/errata/RHSA-2024:0005
RHSA-2024:0011 https://access.redhat.com/errata/RHSA-2024:0011
RHSA-2024:0012 https://access.redhat.com/errata/RHSA-2024:0012
RHSA-2024:0019 https://access.redhat.com/errata/RHSA-2024:0019
RHSA-2024:0021 https://access.redhat.com/errata/RHSA-2024:0021
RHSA-2024:0022 https://access.redhat.com/errata/RHSA-2024:0022
RHSA-2024:0023 https://access.redhat.com/errata/RHSA-2024:0023
RHSA-2024:0024 https://access.redhat.com/errata/RHSA-2024:0024
RHSA-2024:0025 https://access.redhat.com/errata/RHSA-2024:0025
RHSA-2024:0026 https://access.redhat.com/errata/RHSA-2024:0026
RHSA-2024:0027 https://access.redhat.com/errata/RHSA-2024:0027
RHSA-2024:0028 https://access.redhat.com/errata/RHSA-2024:0028
RHSA-2024:0029 https://access.redhat.com/errata/RHSA-2024:0029
RHSA-2024:0030 https://access.redhat.com/errata/RHSA-2024:0030
USN-6562-1 https://usn.ubuntu.com/6562-1/
USN-6563-1 https://usn.ubuntu.com/6563-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6857.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6857
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6857
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.41567
EPSS Score 0.00097
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-03T17:14:55.087994+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-6857 34.0.0rc1