VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-babj-wpxb-aaak

Essentials
Severities (97)
References (54)
Severity details (14)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-babj-wpxb-aaak
Aliases	CVE-2023-25739
Summary	Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25739.json
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00165	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00169	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00169	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00191	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00207	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00226	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.00555	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
epss	0.01747	https://api.first.org/data/v1/epss?cve=CVE-2023-25739
cvssv3.1	8.8	https://bugzilla.mozilla.org/show_bug.cgi?id=1811939
ssvc	Track*	https://bugzilla.mozilla.org/show_bug.cgi?id=1811939
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-25739
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-25739
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-05
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-06
generic_textual	low	https://www.mozilla.org/en-US/security/advisories/mfsa2023-07
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2023-05/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-05/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2023-06/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-06/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2023-07/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-07/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25739.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-25739
		https://bugzilla.mozilla.org/show_bug.cgi?id=1811939
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746
		https://www.mozilla.org/security/advisories/mfsa2023-05/
		https://www.mozilla.org/security/advisories/mfsa2023-06/
		https://www.mozilla.org/security/advisories/mfsa2023-07/
2170381		https://bugzilla.redhat.com/show_bug.cgi?id=2170381
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2023-25739		https://nvd.nist.gov/vuln/detail/CVE-2023-25739
GLSA-202305-35		https://security.gentoo.org/glsa/202305-35
mfsa2023-05		https://www.mozilla.org/en-US/security/advisories/mfsa2023-05
mfsa2023-06		https://www.mozilla.org/en-US/security/advisories/mfsa2023-06
mfsa2023-07		https://www.mozilla.org/en-US/security/advisories/mfsa2023-07
RHSA-2023:0805		https://access.redhat.com/errata/RHSA-2023:0805
RHSA-2023:0806		https://access.redhat.com/errata/RHSA-2023:0806
RHSA-2023:0807		https://access.redhat.com/errata/RHSA-2023:0807
RHSA-2023:0808		https://access.redhat.com/errata/RHSA-2023:0808
RHSA-2023:0809		https://access.redhat.com/errata/RHSA-2023:0809
RHSA-2023:0810		https://access.redhat.com/errata/RHSA-2023:0810
RHSA-2023:0811		https://access.redhat.com/errata/RHSA-2023:0811
RHSA-2023:0812		https://access.redhat.com/errata/RHSA-2023:0812
RHSA-2023:0817		https://access.redhat.com/errata/RHSA-2023:0817
RHSA-2023:0818		https://access.redhat.com/errata/RHSA-2023:0818
RHSA-2023:0819		https://access.redhat.com/errata/RHSA-2023:0819
RHSA-2023:0820		https://access.redhat.com/errata/RHSA-2023:0820
RHSA-2023:0821		https://access.redhat.com/errata/RHSA-2023:0821
RHSA-2023:0822		https://access.redhat.com/errata/RHSA-2023:0822
RHSA-2023:0823		https://access.redhat.com/errata/RHSA-2023:0823
RHSA-2023:0824		https://access.redhat.com/errata/RHSA-2023:0824
USN-5880-1		https://usn.ubuntu.com/5880-1/
USN-5943-1		https://usn.ubuntu.com/5943-1/
USN-6120-1		https://usn.ubuntu.com/6120-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25739.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1811939

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:05:46Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1811939

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-25739

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-25739

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2023-05/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:05:46Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-05/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2023-06/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:05:46Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-06/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2023-07/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-09T20:05:46Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-07/

Exploit Prediction Scoring System (EPSS)

Percentile	0.35654
EPSS Score	0.00143
Published At	April 15, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.