Search for vulnerabilities
Vulnerability details: VCID-tp9c-jwzm-aaas
Vulnerability ID VCID-tp9c-jwzm-aaas
Aliases CVE-2023-4574
Summary When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4574.json
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00145 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.00681 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
epss 0.02165 https://api.first.org/data/v1/epss?cve=CVE-2023-4574
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4574
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-4574
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-34
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-35
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-36
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-37
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-38
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4574.json
https://api.first.org/data/v1/epss?cve=CVE-2023-4574
https://bugzilla.mozilla.org/show_bug.cgi?id=1846688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4584
https://www.mozilla.org/security/advisories/mfsa2023-34/
https://www.mozilla.org/security/advisories/mfsa2023-35/
https://www.mozilla.org/security/advisories/mfsa2023-36/
https://www.mozilla.org/security/advisories/mfsa2023-37/
https://www.mozilla.org/security/advisories/mfsa2023-38/
2236072 https://bugzilla.redhat.com/show_bug.cgi?id=2236072
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2023-4574 https://nvd.nist.gov/vuln/detail/CVE-2023-4574
GLSA-202402-25 https://security.gentoo.org/glsa/202402-25
mfsa2023-34 https://www.mozilla.org/en-US/security/advisories/mfsa2023-34
mfsa2023-35 https://www.mozilla.org/en-US/security/advisories/mfsa2023-35
mfsa2023-36 https://www.mozilla.org/en-US/security/advisories/mfsa2023-36
mfsa2023-37 https://www.mozilla.org/en-US/security/advisories/mfsa2023-37
mfsa2023-38 https://www.mozilla.org/en-US/security/advisories/mfsa2023-38
RHSA-2023:4945 https://access.redhat.com/errata/RHSA-2023:4945
RHSA-2023:4946 https://access.redhat.com/errata/RHSA-2023:4946
RHSA-2023:4947 https://access.redhat.com/errata/RHSA-2023:4947
RHSA-2023:4948 https://access.redhat.com/errata/RHSA-2023:4948
RHSA-2023:4949 https://access.redhat.com/errata/RHSA-2023:4949
RHSA-2023:4950 https://access.redhat.com/errata/RHSA-2023:4950
RHSA-2023:4951 https://access.redhat.com/errata/RHSA-2023:4951
RHSA-2023:4952 https://access.redhat.com/errata/RHSA-2023:4952
RHSA-2023:4954 https://access.redhat.com/errata/RHSA-2023:4954
RHSA-2023:4955 https://access.redhat.com/errata/RHSA-2023:4955
RHSA-2023:4956 https://access.redhat.com/errata/RHSA-2023:4956
RHSA-2023:4957 https://access.redhat.com/errata/RHSA-2023:4957
RHSA-2023:4958 https://access.redhat.com/errata/RHSA-2023:4958
RHSA-2023:4959 https://access.redhat.com/errata/RHSA-2023:4959
RHSA-2023:5019 https://access.redhat.com/errata/RHSA-2023:5019
USN-6320-1 https://usn.ubuntu.com/6320-1/
USN-6368-1 https://usn.ubuntu.com/6368-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4574.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4574
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4574
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.47363
EPSS Score 0.00121
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.