VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-sptr-ka91-aaaq

Essentials
Severities (96)
References (52)
Severity details (14)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-sptr-ka91-aaaq
Aliases	CVE-2023-23603
Summary	Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-185

Incorrect Regular Expression

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23603.json
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.0016	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
epss	0.00358	https://api.first.org/data/v1/epss?cve=CVE-2023-23603
cvssv3.1	6.5	https://bugzilla.mozilla.org/show_bug.cgi?id=1800832
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1800832
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-23603
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-23603
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-01
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-02
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-03
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2023-01/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-01/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2023-02/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-02/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2023-03/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-03/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23603.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-23603
		https://bugzilla.mozilla.org/show_bug.cgi?id=1800832
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746
		https://www.mozilla.org/security/advisories/mfsa2023-01/
		https://www.mozilla.org/security/advisories/mfsa2023-02/
		https://www.mozilla.org/security/advisories/mfsa2023-03/
2162343		https://bugzilla.redhat.com/show_bug.cgi?id=2162343
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2023-23603		https://nvd.nist.gov/vuln/detail/CVE-2023-23603
mfsa2023-01		https://www.mozilla.org/en-US/security/advisories/mfsa2023-01
mfsa2023-02		https://www.mozilla.org/en-US/security/advisories/mfsa2023-02
mfsa2023-03		https://www.mozilla.org/en-US/security/advisories/mfsa2023-03
RHSA-2023:0285		https://access.redhat.com/errata/RHSA-2023:0285
RHSA-2023:0286		https://access.redhat.com/errata/RHSA-2023:0286
RHSA-2023:0288		https://access.redhat.com/errata/RHSA-2023:0288
RHSA-2023:0289		https://access.redhat.com/errata/RHSA-2023:0289
RHSA-2023:0290		https://access.redhat.com/errata/RHSA-2023:0290
RHSA-2023:0294		https://access.redhat.com/errata/RHSA-2023:0294
RHSA-2023:0295		https://access.redhat.com/errata/RHSA-2023:0295
RHSA-2023:0296		https://access.redhat.com/errata/RHSA-2023:0296
RHSA-2023:0456		https://access.redhat.com/errata/RHSA-2023:0456
RHSA-2023:0457		https://access.redhat.com/errata/RHSA-2023:0457
RHSA-2023:0459		https://access.redhat.com/errata/RHSA-2023:0459
RHSA-2023:0460		https://access.redhat.com/errata/RHSA-2023:0460
RHSA-2023:0461		https://access.redhat.com/errata/RHSA-2023:0461
RHSA-2023:0462		https://access.redhat.com/errata/RHSA-2023:0462
RHSA-2023:0463		https://access.redhat.com/errata/RHSA-2023:0463
RHSA-2023:0476		https://access.redhat.com/errata/RHSA-2023:0476
USN-5816-1		https://usn.ubuntu.com/5816-1/
USN-5824-1		https://usn.ubuntu.com/5824-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23603.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1800832

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T18:09:19Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1800832

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23603

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-23603

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2023-01/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T18:09:19Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-01/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2023-02/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T18:09:19Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-02/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2023-03/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T18:09:19Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-03/

Exploit Prediction Scoring System (EPSS)

Percentile	0.41755
EPSS Score	0.00098
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.