VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-7183-gs92-aaar

Essentials
Severities (97)
References (53)
Severity details (14)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-7183-gs92-aaar
Aliases	CVE-2023-25729
Summary	Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-84

Improper Neutralization of Encoded URI Schemes in a Web Page

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25729.json
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00169	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00169	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00172	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.00449	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
epss	0.0142	https://api.first.org/data/v1/epss?cve=CVE-2023-25729
cvssv3.1	8.8	https://bugzilla.mozilla.org/show_bug.cgi?id=1792138
ssvc	Track*	https://bugzilla.mozilla.org/show_bug.cgi?id=1792138
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-25729
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-25729
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-05
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-06
generic_textual	low	https://www.mozilla.org/en-US/security/advisories/mfsa2023-07
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2023-05/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-05/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2023-06/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-06/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2023-07/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-07/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25729.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-25729
		https://bugzilla.mozilla.org/show_bug.cgi?id=1792138
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746
		https://www.mozilla.org/security/advisories/mfsa2023-05/
		https://www.mozilla.org/security/advisories/mfsa2023-06/
		https://www.mozilla.org/security/advisories/mfsa2023-07/
2170382		https://bugzilla.redhat.com/show_bug.cgi?id=2170382
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2023-25729		https://nvd.nist.gov/vuln/detail/CVE-2023-25729
GLSA-202305-35		https://security.gentoo.org/glsa/202305-35
mfsa2023-05		https://www.mozilla.org/en-US/security/advisories/mfsa2023-05
mfsa2023-06		https://www.mozilla.org/en-US/security/advisories/mfsa2023-06
mfsa2023-07		https://www.mozilla.org/en-US/security/advisories/mfsa2023-07
RHSA-2023:0805		https://access.redhat.com/errata/RHSA-2023:0805
RHSA-2023:0806		https://access.redhat.com/errata/RHSA-2023:0806
RHSA-2023:0807		https://access.redhat.com/errata/RHSA-2023:0807
RHSA-2023:0808		https://access.redhat.com/errata/RHSA-2023:0808
RHSA-2023:0809		https://access.redhat.com/errata/RHSA-2023:0809
RHSA-2023:0810		https://access.redhat.com/errata/RHSA-2023:0810
RHSA-2023:0811		https://access.redhat.com/errata/RHSA-2023:0811
RHSA-2023:0812		https://access.redhat.com/errata/RHSA-2023:0812
RHSA-2023:0817		https://access.redhat.com/errata/RHSA-2023:0817
RHSA-2023:0818		https://access.redhat.com/errata/RHSA-2023:0818
RHSA-2023:0819		https://access.redhat.com/errata/RHSA-2023:0819
RHSA-2023:0820		https://access.redhat.com/errata/RHSA-2023:0820
RHSA-2023:0821		https://access.redhat.com/errata/RHSA-2023:0821
RHSA-2023:0822		https://access.redhat.com/errata/RHSA-2023:0822
RHSA-2023:0823		https://access.redhat.com/errata/RHSA-2023:0823
RHSA-2023:0824		https://access.redhat.com/errata/RHSA-2023:0824
USN-5880-1		https://usn.ubuntu.com/5880-1/
USN-5943-1		https://usn.ubuntu.com/5943-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25729.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1792138

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T17:35:34Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1792138

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-25729

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-25729

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2023-05/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T17:35:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-05/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2023-06/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T17:35:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-06/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2023-07/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-10T17:35:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-07/

Exploit Prediction Scoring System (EPSS)

Percentile	0.31539
EPSS Score	0.00116
Published At	April 15, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.