Vulnerability details: VCID-dhha-f93e-aaak
Vulnerability ID VCID-dhha-f93e-aaak
Aliases CVE-2023-4056
Summary Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Weaknesses (2)
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4056.json
epss 0.00222 https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss 0.00561 https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss 0.00863 https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss 0.01021 https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss 0.02465 https://api.first.org/data/v1/epss?cve=CVE-2023-4056
epss 0.05935 https://api.first.org/data/v1/epss?cve=CVE-2023-4056
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-4056
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-4056
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4056.json
https://api.first.org/data/v1/epss?cve=CVE-2023-4056
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
https://www.debian.org/security/2023/dsa-5464
https://www.debian.org/security/2023/dsa-5469
https://www.mozilla.org/security/advisories/mfsa2023-29/
https://www.mozilla.org/security/advisories/mfsa2023-30/
https://www.mozilla.org/security/advisories/mfsa2023-31/
2228370 https://bugzilla.redhat.com/show_bug.cgi?id=2228370
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-4056 https://nvd.nist.gov/vuln/detail/CVE-2023-4056
GLSA-202402-25 https://security.gentoo.org/glsa/202402-25
mfsa2023-29 https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
mfsa2023-30 https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
mfsa2023-31 https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
mfsa2023-32 https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
mfsa2023-33 https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
RHSA-2023:4460 https://access.redhat.com/errata/RHSA-2023:4460
RHSA-2023:4461 https://access.redhat.com/errata/RHSA-2023:4461
RHSA-2023:4462 https://access.redhat.com/errata/RHSA-2023:4462
RHSA-2023:4463 https://access.redhat.com/errata/RHSA-2023:4463
RHSA-2023:4464 https://access.redhat.com/errata/RHSA-2023:4464
RHSA-2023:4465 https://access.redhat.com/errata/RHSA-2023:4465
RHSA-2023:4468 https://access.redhat.com/errata/RHSA-2023:4468
RHSA-2023:4469 https://access.redhat.com/errata/RHSA-2023:4469
RHSA-2023:4492 https://access.redhat.com/errata/RHSA-2023:4492
RHSA-2023:4493 https://access.redhat.com/errata/RHSA-2023:4493
RHSA-2023:4494 https://access.redhat.com/errata/RHSA-2023:4494
RHSA-2023:4495 https://access.redhat.com/errata/RHSA-2023:4495
RHSA-2023:4496 https://access.redhat.com/errata/RHSA-2023:4496
RHSA-2023:4497 https://access.redhat.com/errata/RHSA-2023:4497
RHSA-2023:4499 https://access.redhat.com/errata/RHSA-2023:4499
RHSA-2023:4500 https://access.redhat.com/errata/RHSA-2023:4500
USN-6267-1 https://usn.ubuntu.com/6267-1/
USN-6333-1 https://usn.ubuntu.com/6333-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4056.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4056
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile 0.60920
EPSS Score 0.00222
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.