Search for vulnerabilities
Vulnerability details: VCID-kmvv-zqf8-aaaj
Vulnerability ID VCID-kmvv-zqf8-aaaj
Aliases CVE-2023-32206
Summary An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-125 Out-of-bounds Read
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32206.json
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00140 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00162 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
epss 0.02165 https://api.first.org/data/v1/epss?cve=CVE-2023-32206
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-32206
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-32206
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-16
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-17
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-18
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32206.json
https://api.first.org/data/v1/epss?cve=CVE-2023-32206
https://bugzilla.mozilla.org/show_bug.cgi?id=1824892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32213
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32215
https://security.gentoo.org/glsa/202312-03
https://www.mozilla.org/security/advisories/mfsa2023-16/
https://www.mozilla.org/security/advisories/mfsa2023-17/
https://www.mozilla.org/security/advisories/mfsa2023-18/
2196737 https://bugzilla.redhat.com/show_bug.cgi?id=2196737
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2023-32206 https://nvd.nist.gov/vuln/detail/CVE-2023-32206
GLSA-202401-10 https://security.gentoo.org/glsa/202401-10
mfsa2023-16 https://www.mozilla.org/en-US/security/advisories/mfsa2023-16
mfsa2023-17 https://www.mozilla.org/en-US/security/advisories/mfsa2023-17
mfsa2023-18 https://www.mozilla.org/en-US/security/advisories/mfsa2023-18
RHSA-2023:3137 https://access.redhat.com/errata/RHSA-2023:3137
RHSA-2023:3138 https://access.redhat.com/errata/RHSA-2023:3138
RHSA-2023:3139 https://access.redhat.com/errata/RHSA-2023:3139
RHSA-2023:3140 https://access.redhat.com/errata/RHSA-2023:3140
RHSA-2023:3141 https://access.redhat.com/errata/RHSA-2023:3141
RHSA-2023:3142 https://access.redhat.com/errata/RHSA-2023:3142
RHSA-2023:3143 https://access.redhat.com/errata/RHSA-2023:3143
RHSA-2023:3149 https://access.redhat.com/errata/RHSA-2023:3149
RHSA-2023:3150 https://access.redhat.com/errata/RHSA-2023:3150
RHSA-2023:3151 https://access.redhat.com/errata/RHSA-2023:3151
RHSA-2023:3152 https://access.redhat.com/errata/RHSA-2023:3152
RHSA-2023:3153 https://access.redhat.com/errata/RHSA-2023:3153
RHSA-2023:3154 https://access.redhat.com/errata/RHSA-2023:3154
RHSA-2023:3155 https://access.redhat.com/errata/RHSA-2023:3155
RHSA-2023:3220 https://access.redhat.com/errata/RHSA-2023:3220
RHSA-2023:3221 https://access.redhat.com/errata/RHSA-2023:3221
USN-6074-1 https://usn.ubuntu.com/6074-1/
USN-6075-1 https://usn.ubuntu.com/6075-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32206.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-32206
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-32206
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.41687
EPSS Score 0.00097
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.