Search for vulnerabilities
Vulnerability details: VCID-5aj9-p5pj-aaae
Vulnerability ID VCID-5aj9-p5pj-aaae
Aliases CVE-2023-4584
Summary Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4584.json
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0021 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00310 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00310 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00310 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.00310 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.0081 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
epss 0.02566 https://api.first.org/data/v1/epss?cve=CVE-2023-4584
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-4584
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-4584
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-34
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-35
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-36
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-37
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-38
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4584.json
https://api.first.org/data/v1/epss?cve=CVE-2023-4584
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1843968%2C1845205%2C1846080%2C1846526%2C1847529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4584
https://www.mozilla.org/security/advisories/mfsa2023-34/
https://www.mozilla.org/security/advisories/mfsa2023-35/
https://www.mozilla.org/security/advisories/mfsa2023-36/
https://www.mozilla.org/security/advisories/mfsa2023-37/
https://www.mozilla.org/security/advisories/mfsa2023-38/
2236084 https://bugzilla.redhat.com/show_bug.cgi?id=2236084
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2023-4584 https://nvd.nist.gov/vuln/detail/CVE-2023-4584
GLSA-202402-25 https://security.gentoo.org/glsa/202402-25
mfsa2023-34 https://www.mozilla.org/en-US/security/advisories/mfsa2023-34
mfsa2023-35 https://www.mozilla.org/en-US/security/advisories/mfsa2023-35
mfsa2023-36 https://www.mozilla.org/en-US/security/advisories/mfsa2023-36
mfsa2023-37 https://www.mozilla.org/en-US/security/advisories/mfsa2023-37
mfsa2023-38 https://www.mozilla.org/en-US/security/advisories/mfsa2023-38
RHSA-2023:4945 https://access.redhat.com/errata/RHSA-2023:4945
RHSA-2023:4946 https://access.redhat.com/errata/RHSA-2023:4946
RHSA-2023:4947 https://access.redhat.com/errata/RHSA-2023:4947
RHSA-2023:4948 https://access.redhat.com/errata/RHSA-2023:4948
RHSA-2023:4949 https://access.redhat.com/errata/RHSA-2023:4949
RHSA-2023:4950 https://access.redhat.com/errata/RHSA-2023:4950
RHSA-2023:4951 https://access.redhat.com/errata/RHSA-2023:4951
RHSA-2023:4952 https://access.redhat.com/errata/RHSA-2023:4952
RHSA-2023:4954 https://access.redhat.com/errata/RHSA-2023:4954
RHSA-2023:4955 https://access.redhat.com/errata/RHSA-2023:4955
RHSA-2023:4956 https://access.redhat.com/errata/RHSA-2023:4956
RHSA-2023:4957 https://access.redhat.com/errata/RHSA-2023:4957
RHSA-2023:4958 https://access.redhat.com/errata/RHSA-2023:4958
RHSA-2023:4959 https://access.redhat.com/errata/RHSA-2023:4959
RHSA-2023:5019 https://access.redhat.com/errata/RHSA-2023:5019
USN-6320-1 https://usn.ubuntu.com/6320-1/
USN-6368-1 https://usn.ubuntu.com/6368-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4584.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4584
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4584
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.43692
EPSS Score 0.0021
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.