Search for vulnerabilities
Vulnerability details: VCID-8vs9-nx9p-aaah
Vulnerability ID VCID-8vs9-nx9p-aaah
Aliases CVE-2023-32215
Summary Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32215.json
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00295 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00347 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
epss 0.02392 https://api.first.org/data/v1/epss?cve=CVE-2023-32215
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-32215
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-32215
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-16
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-17
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-18
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32215.json
https://api.first.org/data/v1/epss?cve=CVE-2023-32215
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32215
https://security.gentoo.org/glsa/202312-03
https://www.mozilla.org/security/advisories/mfsa2023-16/
https://www.mozilla.org/security/advisories/mfsa2023-17/
https://www.mozilla.org/security/advisories/mfsa2023-18/
2196753 https://bugzilla.redhat.com/show_bug.cgi?id=2196753
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2023-32215 https://nvd.nist.gov/vuln/detail/CVE-2023-32215
GLSA-202401-10 https://security.gentoo.org/glsa/202401-10
mfsa2023-16 https://www.mozilla.org/en-US/security/advisories/mfsa2023-16
mfsa2023-17 https://www.mozilla.org/en-US/security/advisories/mfsa2023-17
mfsa2023-18 https://www.mozilla.org/en-US/security/advisories/mfsa2023-18
RHSA-2023:3137 https://access.redhat.com/errata/RHSA-2023:3137
RHSA-2023:3138 https://access.redhat.com/errata/RHSA-2023:3138
RHSA-2023:3139 https://access.redhat.com/errata/RHSA-2023:3139
RHSA-2023:3140 https://access.redhat.com/errata/RHSA-2023:3140
RHSA-2023:3141 https://access.redhat.com/errata/RHSA-2023:3141
RHSA-2023:3142 https://access.redhat.com/errata/RHSA-2023:3142
RHSA-2023:3143 https://access.redhat.com/errata/RHSA-2023:3143
RHSA-2023:3149 https://access.redhat.com/errata/RHSA-2023:3149
RHSA-2023:3150 https://access.redhat.com/errata/RHSA-2023:3150
RHSA-2023:3151 https://access.redhat.com/errata/RHSA-2023:3151
RHSA-2023:3152 https://access.redhat.com/errata/RHSA-2023:3152
RHSA-2023:3153 https://access.redhat.com/errata/RHSA-2023:3153
RHSA-2023:3154 https://access.redhat.com/errata/RHSA-2023:3154
RHSA-2023:3155 https://access.redhat.com/errata/RHSA-2023:3155
RHSA-2023:3220 https://access.redhat.com/errata/RHSA-2023:3220
RHSA-2023:3221 https://access.redhat.com/errata/RHSA-2023:3221
USN-6074-1 https://usn.ubuntu.com/6074-1/
USN-6075-1 https://usn.ubuntu.com/6075-1/
USN-6120-1 https://usn.ubuntu.com/6120-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32215.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-32215
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-32215
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.4204
EPSS Score 0.00195
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.