Search for vulnerabilities
Vulnerability details: VCID-qjk7-6uhu-aaab
Vulnerability ID VCID-qjk7-6uhu-aaab
Aliases CVE-2023-34416
Summary Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34416.json
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00311 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00558 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00657 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00657 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00657 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00657 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00657 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00657 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00657 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.00685 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.01328 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
epss 0.0414 https://api.first.org/data/v1/epss?cve=CVE-2023-34416
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-34416
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-34416
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-19
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-20
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-21
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34416.json
https://api.first.org/data/v1/epss?cve=CVE-2023-34416
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1752703%2C1818394%2C1826875%2C1827340%2C1827655%2C1828065%2C1830190%2C1830206%2C1830795%2C1833339
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34416
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/202312-03
https://www.mozilla.org/security/advisories/mfsa2023-19/
https://www.mozilla.org/security/advisories/mfsa2023-20/
https://www.mozilla.org/security/advisories/mfsa2023-21/
2212842 https://bugzilla.redhat.com/show_bug.cgi?id=2212842
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2023-34416 https://nvd.nist.gov/vuln/detail/CVE-2023-34416
GLSA-202401-10 https://security.gentoo.org/glsa/202401-10
mfsa2023-19 https://www.mozilla.org/en-US/security/advisories/mfsa2023-19
mfsa2023-20 https://www.mozilla.org/en-US/security/advisories/mfsa2023-20
mfsa2023-21 https://www.mozilla.org/en-US/security/advisories/mfsa2023-21
RHSA-2023:3560 https://access.redhat.com/errata/RHSA-2023:3560
RHSA-2023:3561 https://access.redhat.com/errata/RHSA-2023:3561
RHSA-2023:3562 https://access.redhat.com/errata/RHSA-2023:3562
RHSA-2023:3563 https://access.redhat.com/errata/RHSA-2023:3563
RHSA-2023:3564 https://access.redhat.com/errata/RHSA-2023:3564
RHSA-2023:3565 https://access.redhat.com/errata/RHSA-2023:3565
RHSA-2023:3566 https://access.redhat.com/errata/RHSA-2023:3566
RHSA-2023:3567 https://access.redhat.com/errata/RHSA-2023:3567
RHSA-2023:3578 https://access.redhat.com/errata/RHSA-2023:3578
RHSA-2023:3579 https://access.redhat.com/errata/RHSA-2023:3579
RHSA-2023:3587 https://access.redhat.com/errata/RHSA-2023:3587
RHSA-2023:3588 https://access.redhat.com/errata/RHSA-2023:3588
RHSA-2023:3589 https://access.redhat.com/errata/RHSA-2023:3589
RHSA-2023:3590 https://access.redhat.com/errata/RHSA-2023:3590
RHSA-2023:3596 https://access.redhat.com/errata/RHSA-2023:3596
RHSA-2023:3597 https://access.redhat.com/errata/RHSA-2023:3597
USN-6143-1 https://usn.ubuntu.com/6143-1/
USN-6147-1 https://usn.ubuntu.com/6147-1/
USN-6214-1 https://usn.ubuntu.com/6214-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34416.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-34416
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-34416
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.534
EPSS Score 0.00311
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.