Search for vulnerabilities
Vulnerability details: VCID-f16k-2eg5-t7gp
Vulnerability ID VCID-f16k-2eg5-t7gp
Aliases CVE-2023-5730
Summary Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5730.json
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00379 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00379 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
epss 0.00379 https://api.first.org/data/v1/epss?cve=CVE-2023-5730
ssvc Track https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-5730
ssvc Track https://www.debian.org/security/2023/dsa-5535
ssvc Track https://www.debian.org/security/2023/dsa-5538
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-45
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-46
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-47
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-45/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-46/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-47/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5730.json
https://api.first.org/data/v1/epss?cve=CVE-2023-5730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5732
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2245906 https://bugzilla.redhat.com/show_bug.cgi?id=2245906
buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVE-2023-5730 https://nvd.nist.gov/vuln/detail/CVE-2023-5730
dsa-5535 https://www.debian.org/security/2023/dsa-5535
dsa-5538 https://www.debian.org/security/2023/dsa-5538
mfsa2023-45 https://www.mozilla.org/en-US/security/advisories/mfsa2023-45
mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-45/
mfsa2023-46 https://www.mozilla.org/en-US/security/advisories/mfsa2023-46
mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-46/
mfsa2023-47 https://www.mozilla.org/en-US/security/advisories/mfsa2023-47
mfsa2023-47 https://www.mozilla.org/security/advisories/mfsa2023-47/
msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html
msg00042.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html
RHSA-2023:6162 https://access.redhat.com/errata/RHSA-2023:6162
RHSA-2023:6185 https://access.redhat.com/errata/RHSA-2023:6185
RHSA-2023:6186 https://access.redhat.com/errata/RHSA-2023:6186
RHSA-2023:6187 https://access.redhat.com/errata/RHSA-2023:6187
RHSA-2023:6188 https://access.redhat.com/errata/RHSA-2023:6188
RHSA-2023:6189 https://access.redhat.com/errata/RHSA-2023:6189
RHSA-2023:6191 https://access.redhat.com/errata/RHSA-2023:6191
RHSA-2023:6194 https://access.redhat.com/errata/RHSA-2023:6194
RHSA-2023:6195 https://access.redhat.com/errata/RHSA-2023:6195
RHSA-2023:6196 https://access.redhat.com/errata/RHSA-2023:6196
RHSA-2023:6197 https://access.redhat.com/errata/RHSA-2023:6197
RHSA-2023:6198 https://access.redhat.com/errata/RHSA-2023:6198
RHSA-2023:6199 https://access.redhat.com/errata/RHSA-2023:6199
USN-6456-1 https://usn.ubuntu.com/6456-1/
USN-6468-1 https://usn.ubuntu.com/6468-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5730.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-11T18:25:19Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836607%2C1840918%2C1848694%2C1848833%2C1850191%2C1850259%2C1852596%2C1853201%2C1854002%2C1855306%2C1855640%2C1856695
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-11T18:25:19Z/ Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-11T18:25:19Z/ Found at https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-5730
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-11T18:25:19Z/ Found at https://www.debian.org/security/2023/dsa-5535
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-11T18:25:19Z/ Found at https://www.debian.org/security/2023/dsa-5538
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-11T18:25:19Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-45/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-11T18:25:19Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-46/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-11T18:25:19Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-47/
Exploit Prediction Scoring System (EPSS)
Percentile 0.54043
EPSS Score 0.00315
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:31.740489+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-45.yml 37.0.0