Vulnerability details: VCID-bsqs-5fbh-ckf8
Vulnerability ID VCID-bsqs-5fbh-ckf8
Aliases CVE-2023-37207
Summary A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (2)
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37207.json
epss 0.00323 https://api.first.org/data/v1/epss?cve=CVE-2023-37207
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-37207
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1816287
ssvc Track https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-37207
ssvc Track https://www.debian.org/security/2023/dsa-5450
ssvc Track https://www.debian.org/security/2023/dsa-5451
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-22
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-23
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-24
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-22/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-23/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-24/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37207.json
https://api.first.org/data/v1/epss?cve=CVE-2023-37207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211
2219749 https://bugzilla.redhat.com/show_bug.cgi?id=2219749
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-37207 https://nvd.nist.gov/vuln/detail/CVE-2023-37207
dsa-5450 https://www.debian.org/security/2023/dsa-5450
dsa-5451 https://www.debian.org/security/2023/dsa-5451
mfsa2023-22 https://www.mozilla.org/en-US/security/advisories/mfsa2023-22
mfsa2023-22 https://www.mozilla.org/security/advisories/mfsa2023-22/
mfsa2023-23 https://www.mozilla.org/en-US/security/advisories/mfsa2023-23
mfsa2023-23 https://www.mozilla.org/security/advisories/mfsa2023-23/
mfsa2023-24 https://www.mozilla.org/en-US/security/advisories/mfsa2023-24
mfsa2023-24 https://www.mozilla.org/security/advisories/mfsa2023-24/
msg00006.html https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
msg00015.html https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
RHSA-2023:4062 https://access.redhat.com/errata/RHSA-2023:4062
RHSA-2023:4063 https://access.redhat.com/errata/RHSA-2023:4063
RHSA-2023:4064 https://access.redhat.com/errata/RHSA-2023:4064
RHSA-2023:4065 https://access.redhat.com/errata/RHSA-2023:4065
RHSA-2023:4066 https://access.redhat.com/errata/RHSA-2023:4066
RHSA-2023:4067 https://access.redhat.com/errata/RHSA-2023:4067
RHSA-2023:4068 https://access.redhat.com/errata/RHSA-2023:4068
RHSA-2023:4069 https://access.redhat.com/errata/RHSA-2023:4069
RHSA-2023:4070 https://access.redhat.com/errata/RHSA-2023:4070
RHSA-2023:4071 https://access.redhat.com/errata/RHSA-2023:4071
RHSA-2023:4072 https://access.redhat.com/errata/RHSA-2023:4072
RHSA-2023:4073 https://access.redhat.com/errata/RHSA-2023:4073
RHSA-2023:4074 https://access.redhat.com/errata/RHSA-2023:4074
RHSA-2023:4075 https://access.redhat.com/errata/RHSA-2023:4075
RHSA-2023:4076 https://access.redhat.com/errata/RHSA-2023:4076
RHSA-2023:4079 https://access.redhat.com/errata/RHSA-2023:4079
show_bug.cgi?id=1816287 https://bugzilla.mozilla.org/show_bug.cgi?id=1816287
USN-6201-1 https://usn.ubuntu.com/6201-1/
USN-6214-1 https://usn.ubuntu.com/6214-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37207.json
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) changed
Confidentiality Impact (C) low
Integrity Impact (I) low
Availability Impact (A) none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1816287

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/ Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/ Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-37207
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) none
Integrity Impact (I) high
Availability Impact (A) none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/ Found at https://www.debian.org/security/2023/dsa-5450

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/ Found at https://www.debian.org/security/2023/dsa-5451

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-22/

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-23/

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T21:36:31Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-24/
Exploit Prediction Scoring System (EPSS)
Percentile 0.54771
EPSS Score 0.00323
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:31.823593+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-24.yml 37.0.0