VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-esrv-1t7e-nueq

Essentials
Severities (24)
References (36)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-esrv-1t7e-nueq
Aliases	CVE-2023-34414
Summary	The error page for sites with invalid TLS certificates was missing the activation-delay Thunderbird uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-449	The UI Performs the Wrong Action
CWE-295	Improper Certificate Validation

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34414.json
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-34414
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	3.1	https://nvd.nist.gov/vuln/detail/CVE-2023-34414
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-19
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-20
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-21

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34414.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-34414
		https://bugzilla.mozilla.org/show_bug.cgi?id=1695986
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34414
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34416
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.gentoo.org/glsa/202401-10
		https://www.mozilla.org/security/advisories/mfsa2023-19/
		https://www.mozilla.org/security/advisories/mfsa2023-20/
		https://www.mozilla.org/security/advisories/mfsa2023-21/
2212841		https://bugzilla.redhat.com/show_bug.cgi?id=2212841
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2023-34414		https://nvd.nist.gov/vuln/detail/CVE-2023-34414
mfsa2023-19		https://www.mozilla.org/en-US/security/advisories/mfsa2023-19
mfsa2023-20		https://www.mozilla.org/en-US/security/advisories/mfsa2023-20
mfsa2023-21		https://www.mozilla.org/en-US/security/advisories/mfsa2023-21
RHSA-2023:3560		https://access.redhat.com/errata/RHSA-2023:3560
RHSA-2023:3561		https://access.redhat.com/errata/RHSA-2023:3561
RHSA-2023:3562		https://access.redhat.com/errata/RHSA-2023:3562
RHSA-2023:3563		https://access.redhat.com/errata/RHSA-2023:3563
RHSA-2023:3564		https://access.redhat.com/errata/RHSA-2023:3564
RHSA-2023:3565		https://access.redhat.com/errata/RHSA-2023:3565
RHSA-2023:3566		https://access.redhat.com/errata/RHSA-2023:3566
RHSA-2023:3567		https://access.redhat.com/errata/RHSA-2023:3567
RHSA-2023:3578		https://access.redhat.com/errata/RHSA-2023:3578
RHSA-2023:3579		https://access.redhat.com/errata/RHSA-2023:3579
RHSA-2023:3587		https://access.redhat.com/errata/RHSA-2023:3587
RHSA-2023:3588		https://access.redhat.com/errata/RHSA-2023:3588
RHSA-2023:3589		https://access.redhat.com/errata/RHSA-2023:3589
RHSA-2023:3590		https://access.redhat.com/errata/RHSA-2023:3590
RHSA-2023:3596		https://access.redhat.com/errata/RHSA-2023:3596
RHSA-2023:3597		https://access.redhat.com/errata/RHSA-2023:3597
USN-6143-1		https://usn.ubuntu.com/6143-1/
USN-6214-1		https://usn.ubuntu.com/6214-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34414.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-34414

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.18342
EPSS Score	0.00058
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:32.833528+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-21.yml	37.0.0