VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-8jvs-j6k5-hfd1

Essentials
Severities (32)
References (47)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-8jvs-j6k5-hfd1
Aliases	CVE-2023-4056
Summary	Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-787	Out-of-bounds Write

System	Score	Found at
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4056.json
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00561	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss	0.00577	https://api.first.org/data/v1/epss?cve=CVE-2023-4056
ssvc	Track	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2023-4056
ssvc	Track	https://www.debian.org/security/2023/dsa-5464
ssvc	Track	https://www.debian.org/security/2023/dsa-5469
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-29/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-30/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-31/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4056.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-4056
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
2228370		https://bugzilla.redhat.com/show_bug.cgi?id=2228370
buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847		https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
CVE-2023-4056		https://nvd.nist.gov/vuln/detail/CVE-2023-4056
dsa-5464		https://www.debian.org/security/2023/dsa-5464
dsa-5469		https://www.debian.org/security/2023/dsa-5469
mfsa2023-29		https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
mfsa2023-29		https://www.mozilla.org/security/advisories/mfsa2023-29/
mfsa2023-30		https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
mfsa2023-30		https://www.mozilla.org/security/advisories/mfsa2023-30/
mfsa2023-31		https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
mfsa2023-31		https://www.mozilla.org/security/advisories/mfsa2023-31/
mfsa2023-32		https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
mfsa2023-33		https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
msg00008.html		https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
msg00010.html		https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
RHSA-2023:4460		https://access.redhat.com/errata/RHSA-2023:4460
RHSA-2023:4461		https://access.redhat.com/errata/RHSA-2023:4461
RHSA-2023:4462		https://access.redhat.com/errata/RHSA-2023:4462
RHSA-2023:4463		https://access.redhat.com/errata/RHSA-2023:4463
RHSA-2023:4464		https://access.redhat.com/errata/RHSA-2023:4464
RHSA-2023:4465		https://access.redhat.com/errata/RHSA-2023:4465
RHSA-2023:4468		https://access.redhat.com/errata/RHSA-2023:4468
RHSA-2023:4469		https://access.redhat.com/errata/RHSA-2023:4469
RHSA-2023:4492		https://access.redhat.com/errata/RHSA-2023:4492
RHSA-2023:4493		https://access.redhat.com/errata/RHSA-2023:4493
RHSA-2023:4494		https://access.redhat.com/errata/RHSA-2023:4494
RHSA-2023:4495		https://access.redhat.com/errata/RHSA-2023:4495
RHSA-2023:4496		https://access.redhat.com/errata/RHSA-2023:4496
RHSA-2023:4497		https://access.redhat.com/errata/RHSA-2023:4497
RHSA-2023:4499		https://access.redhat.com/errata/RHSA-2023:4499
RHSA-2023:4500		https://access.redhat.com/errata/RHSA-2023:4500
USN-6267-1		https://usn.ubuntu.com/6267-1/
USN-6333-1		https://usn.ubuntu.com/6333-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4056.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4056

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/ Found at https://www.debian.org/security/2023/dsa-5464

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/ Found at https://www.debian.org/security/2023/dsa-5469

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-29/

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-30/

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-22T14:25:23Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-31/

Exploit Prediction Scoring System (EPSS)

Percentile	0.67287
EPSS Score	0.00561
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:31.507993+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-33.yml	37.0.0