VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-d5g5-gqdt-aaas

Essentials
Severities (99)
References (53)
Severity details (14)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-d5g5-gqdt-aaas
Aliases	CVE-2023-25730
Summary	A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-821

Incorrect Synchronization

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25730.json
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00091	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00097	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00247	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
epss	0.00623	https://api.first.org/data/v1/epss?cve=CVE-2023-25730
cvssv3.1	5.4	https://bugzilla.mozilla.org/show_bug.cgi?id=1794622
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1794622
cvssv3	5.4	https://nvd.nist.gov/vuln/detail/CVE-2023-25730
cvssv3.1	5.4	https://nvd.nist.gov/vuln/detail/CVE-2023-25730
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-05
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-06
generic_textual	low	https://www.mozilla.org/en-US/security/advisories/mfsa2023-07
cvssv3.1	5.4	https://www.mozilla.org/security/advisories/mfsa2023-05/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-05/
cvssv3.1	5.4	https://www.mozilla.org/security/advisories/mfsa2023-06/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-06/
cvssv3.1	5.4	https://www.mozilla.org/security/advisories/mfsa2023-07/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-07/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25730.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-25730
		https://bugzilla.mozilla.org/show_bug.cgi?id=1794622
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746
		https://www.mozilla.org/security/advisories/mfsa2023-05/
		https://www.mozilla.org/security/advisories/mfsa2023-06/
		https://www.mozilla.org/security/advisories/mfsa2023-07/
2170375		https://bugzilla.redhat.com/show_bug.cgi?id=2170375
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2023-25730		https://nvd.nist.gov/vuln/detail/CVE-2023-25730
GLSA-202305-35		https://security.gentoo.org/glsa/202305-35
mfsa2023-05		https://www.mozilla.org/en-US/security/advisories/mfsa2023-05
mfsa2023-06		https://www.mozilla.org/en-US/security/advisories/mfsa2023-06
mfsa2023-07		https://www.mozilla.org/en-US/security/advisories/mfsa2023-07
RHSA-2023:0805		https://access.redhat.com/errata/RHSA-2023:0805
RHSA-2023:0806		https://access.redhat.com/errata/RHSA-2023:0806
RHSA-2023:0807		https://access.redhat.com/errata/RHSA-2023:0807
RHSA-2023:0808		https://access.redhat.com/errata/RHSA-2023:0808
RHSA-2023:0809		https://access.redhat.com/errata/RHSA-2023:0809
RHSA-2023:0810		https://access.redhat.com/errata/RHSA-2023:0810
RHSA-2023:0811		https://access.redhat.com/errata/RHSA-2023:0811
RHSA-2023:0812		https://access.redhat.com/errata/RHSA-2023:0812
RHSA-2023:0817		https://access.redhat.com/errata/RHSA-2023:0817
RHSA-2023:0818		https://access.redhat.com/errata/RHSA-2023:0818
RHSA-2023:0819		https://access.redhat.com/errata/RHSA-2023:0819
RHSA-2023:0820		https://access.redhat.com/errata/RHSA-2023:0820
RHSA-2023:0821		https://access.redhat.com/errata/RHSA-2023:0821
RHSA-2023:0822		https://access.redhat.com/errata/RHSA-2023:0822
RHSA-2023:0823		https://access.redhat.com/errata/RHSA-2023:0823
RHSA-2023:0824		https://access.redhat.com/errata/RHSA-2023:0824
USN-5880-1		https://usn.ubuntu.com/5880-1/
USN-5943-1		https://usn.ubuntu.com/5943-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25730.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1794622

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:32:33Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1794622

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-25730

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-25730

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2023-05/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:32:33Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-05/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2023-06/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:32:33Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-06/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://www.mozilla.org/security/advisories/mfsa2023-07/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T17:32:33Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-07/

Exploit Prediction Scoring System (EPSS)

Percentile	0.34847
EPSS Score	0.00076
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.