Search for vulnerabilities
Vulnerability details: VCID-81zu-xsz1-aaab
Vulnerability ID VCID-81zu-xsz1-aaab
Aliases CVE-2023-4581
Summary Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1127 Compilation with Insufficient Warnings or Errors
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4581.json
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00090 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00143 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00143 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00143 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00143 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00169 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
epss 0.01582 https://api.first.org/data/v1/epss?cve=CVE-2023-4581
cvssv3 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-4581
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-4581
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-34
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-35
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-36
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-37
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-38
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4581.json
https://api.first.org/data/v1/epss?cve=CVE-2023-4581
https://bugzilla.mozilla.org/show_bug.cgi?id=1843758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4584
https://www.mozilla.org/security/advisories/mfsa2023-34/
https://www.mozilla.org/security/advisories/mfsa2023-35/
https://www.mozilla.org/security/advisories/mfsa2023-36/
https://www.mozilla.org/security/advisories/mfsa2023-37/
https://www.mozilla.org/security/advisories/mfsa2023-38/
2236080 https://bugzilla.redhat.com/show_bug.cgi?id=2236080
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2023-4581 https://nvd.nist.gov/vuln/detail/CVE-2023-4581
GLSA-202402-25 https://security.gentoo.org/glsa/202402-25
mfsa2023-34 https://www.mozilla.org/en-US/security/advisories/mfsa2023-34
mfsa2023-35 https://www.mozilla.org/en-US/security/advisories/mfsa2023-35
mfsa2023-36 https://www.mozilla.org/en-US/security/advisories/mfsa2023-36
mfsa2023-37 https://www.mozilla.org/en-US/security/advisories/mfsa2023-37
mfsa2023-38 https://www.mozilla.org/en-US/security/advisories/mfsa2023-38
RHSA-2023:4945 https://access.redhat.com/errata/RHSA-2023:4945
RHSA-2023:4946 https://access.redhat.com/errata/RHSA-2023:4946
RHSA-2023:4947 https://access.redhat.com/errata/RHSA-2023:4947
RHSA-2023:4948 https://access.redhat.com/errata/RHSA-2023:4948
RHSA-2023:4949 https://access.redhat.com/errata/RHSA-2023:4949
RHSA-2023:4950 https://access.redhat.com/errata/RHSA-2023:4950
RHSA-2023:4951 https://access.redhat.com/errata/RHSA-2023:4951
RHSA-2023:4952 https://access.redhat.com/errata/RHSA-2023:4952
RHSA-2023:4954 https://access.redhat.com/errata/RHSA-2023:4954
RHSA-2023:4955 https://access.redhat.com/errata/RHSA-2023:4955
RHSA-2023:4956 https://access.redhat.com/errata/RHSA-2023:4956
RHSA-2023:4957 https://access.redhat.com/errata/RHSA-2023:4957
RHSA-2023:4958 https://access.redhat.com/errata/RHSA-2023:4958
RHSA-2023:4959 https://access.redhat.com/errata/RHSA-2023:4959
RHSA-2023:5019 https://access.redhat.com/errata/RHSA-2023:5019
USN-6320-1 https://usn.ubuntu.com/6320-1/
USN-6368-1 https://usn.ubuntu.com/6368-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4581.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4581
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4581
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.39562
EPSS Score 0.00090
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.