Vulnerability details: VCID-f4zz-psm3-7qaa
Vulnerability ID VCID-f4zz-psm3-7qaa
Aliases CVE-2023-37211
Summary Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37211.json
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2023-37211
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2023-37211
ssvc Track https://bugzilla.mozilla.org/buglist.cgi?bug_id=1832306%2C1834862%2C1835886%2C1836550%2C1837450
ssvc Track https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-37211
ssvc Track https://www.debian.org/security/2023/dsa-5450
ssvc Track https://www.debian.org/security/2023/dsa-5451
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-22
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-23
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-24
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-22/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-23/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-24/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37211.json
https://api.first.org/data/v1/epss?cve=CVE-2023-37211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211
2219751 https://bugzilla.redhat.com/show_bug.cgi?id=2219751
buglist.cgi?bug_id=1832306%2C1834862%2C1835886%2C1836550%2C1837450 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1832306%2C1834862%2C1835886%2C1836550%2C1837450
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-37211 https://nvd.nist.gov/vuln/detail/CVE-2023-37211
dsa-5450 https://www.debian.org/security/2023/dsa-5450
dsa-5451 https://www.debian.org/security/2023/dsa-5451
mfsa2023-22 https://www.mozilla.org/en-US/security/advisories/mfsa2023-22
mfsa2023-22 https://www.mozilla.org/security/advisories/mfsa2023-22/
mfsa2023-23 https://www.mozilla.org/en-US/security/advisories/mfsa2023-23
mfsa2023-23 https://www.mozilla.org/security/advisories/mfsa2023-23/
mfsa2023-24 https://www.mozilla.org/en-US/security/advisories/mfsa2023-24
mfsa2023-24 https://www.mozilla.org/security/advisories/mfsa2023-24/
msg00006.html https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
msg00015.html https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
RHSA-2023:4062 https://access.redhat.com/errata/RHSA-2023:4062
RHSA-2023:4063 https://access.redhat.com/errata/RHSA-2023:4063
RHSA-2023:4064 https://access.redhat.com/errata/RHSA-2023:4064
RHSA-2023:4065 https://access.redhat.com/errata/RHSA-2023:4065
RHSA-2023:4066 https://access.redhat.com/errata/RHSA-2023:4066
RHSA-2023:4067 https://access.redhat.com/errata/RHSA-2023:4067
RHSA-2023:4068 https://access.redhat.com/errata/RHSA-2023:4068
RHSA-2023:4069 https://access.redhat.com/errata/RHSA-2023:4069
RHSA-2023:4070 https://access.redhat.com/errata/RHSA-2023:4070
RHSA-2023:4071 https://access.redhat.com/errata/RHSA-2023:4071
RHSA-2023:4072 https://access.redhat.com/errata/RHSA-2023:4072
RHSA-2023:4073 https://access.redhat.com/errata/RHSA-2023:4073
RHSA-2023:4074 https://access.redhat.com/errata/RHSA-2023:4074
RHSA-2023:4075 https://access.redhat.com/errata/RHSA-2023:4075
RHSA-2023:4076 https://access.redhat.com/errata/RHSA-2023:4076
RHSA-2023:4079 https://access.redhat.com/errata/RHSA-2023:4079
USN-6201-1 https://usn.ubuntu.com/6201-1/
USN-6214-1 https://usn.ubuntu.com/6214-1/
USN-6227-1 https://usn.ubuntu.com/6227-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37211.json
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1832306%2C1834862%2C1835886%2C1836550%2C1837450

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/ Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/ Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-37211
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) unchanged
Confidentiality Impact (C) high
Integrity Impact (I) high
Availability Impact (A) high

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/ Found at https://www.debian.org/security/2023/dsa-5450

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/ Found at https://www.debian.org/security/2023/dsa-5451

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-22/

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-23/

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-20T21:32:28Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-24/
Exploit Prediction Scoring System (EPSS)
Percentile 0.55452
EPSS Score 0.00332
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:31.861432+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-24.yml 37.0.0