Search for vulnerabilities
Vulnerability details: VCID-hk9b-q4rp-xbhz
Vulnerability ID VCID-hk9b-q4rp-xbhz
Aliases CVE-2023-4048
Summary An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-125 Out-of-bounds Read
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4048.json
epss 0.00348 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
epss 0.00386 https://api.first.org/data/v1/epss?cve=CVE-2023-4048
ssvc Track https://bugzilla.mozilla.org/show_bug.cgi?id=1841368
ssvc Track https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4048
ssvc Track https://www.debian.org/security/2023/dsa-5464
ssvc Track https://www.debian.org/security/2023/dsa-5469
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-29/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-30/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2023-31/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4048.json
https://api.first.org/data/v1/epss?cve=CVE-2023-4048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
2228363 https://bugzilla.redhat.com/show_bug.cgi?id=2228363
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-4048 https://nvd.nist.gov/vuln/detail/CVE-2023-4048
dsa-5464 https://www.debian.org/security/2023/dsa-5464
dsa-5469 https://www.debian.org/security/2023/dsa-5469
mfsa2023-29 https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-29/
mfsa2023-30 https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-30/
mfsa2023-31 https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
mfsa2023-31 https://www.mozilla.org/security/advisories/mfsa2023-31/
mfsa2023-32 https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
mfsa2023-33 https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
msg00010.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
RHSA-2023:4460 https://access.redhat.com/errata/RHSA-2023:4460
RHSA-2023:4461 https://access.redhat.com/errata/RHSA-2023:4461
RHSA-2023:4462 https://access.redhat.com/errata/RHSA-2023:4462
RHSA-2023:4463 https://access.redhat.com/errata/RHSA-2023:4463
RHSA-2023:4464 https://access.redhat.com/errata/RHSA-2023:4464
RHSA-2023:4465 https://access.redhat.com/errata/RHSA-2023:4465
RHSA-2023:4468 https://access.redhat.com/errata/RHSA-2023:4468
RHSA-2023:4469 https://access.redhat.com/errata/RHSA-2023:4469
RHSA-2023:4492 https://access.redhat.com/errata/RHSA-2023:4492
RHSA-2023:4493 https://access.redhat.com/errata/RHSA-2023:4493
RHSA-2023:4494 https://access.redhat.com/errata/RHSA-2023:4494
RHSA-2023:4495 https://access.redhat.com/errata/RHSA-2023:4495
RHSA-2023:4496 https://access.redhat.com/errata/RHSA-2023:4496
RHSA-2023:4497 https://access.redhat.com/errata/RHSA-2023:4497
RHSA-2023:4499 https://access.redhat.com/errata/RHSA-2023:4499
RHSA-2023:4500 https://access.redhat.com/errata/RHSA-2023:4500
show_bug.cgi?id=1841368 https://bugzilla.mozilla.org/show_bug.cgi?id=1841368
USN-6267-1 https://usn.ubuntu.com/6267-1/
USN-6333-1 https://usn.ubuntu.com/6333-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4048.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1841368
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4048
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/ Found at https://www.debian.org/security/2023/dsa-5464
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/ Found at https://www.debian.org/security/2023/dsa-5469
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-29/
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-30/
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:12:49Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-31/
Exploit Prediction Scoring System (EPSS)
Percentile 0.5666
EPSS Score 0.00348
Published At Aug. 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:31.394970+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-33.yml 37.0.0