VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-xz3k-bf3j-e7gr

Essentials
Severities (31)
References (44)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xz3k-bf3j-e7gr
Aliases	CVE-2023-37208
Summary	When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-1127

Compilation with Insufficient Warnings or Errors

System	Score	Found at
cvssv3	7.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37208.json
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2023-37208
ssvc	Track*	https://bugzilla.mozilla.org/show_bug.cgi?id=1837675
ssvc	Track*	https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
ssvc	Track*	https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2023-37208
ssvc	Track*	https://www.debian.org/security/2023/dsa-5450
ssvc	Track*	https://www.debian.org/security/2023/dsa-5451
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-22
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-23
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-24
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-22/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-23/
ssvc	Track*	https://www.mozilla.org/security/advisories/mfsa2023-24/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37208.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-37208
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37201
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37202
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37207
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37208
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37211
2219750		https://bugzilla.redhat.com/show_bug.cgi?id=2219750
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
CVE-2023-37208		https://nvd.nist.gov/vuln/detail/CVE-2023-37208
dsa-5450		https://www.debian.org/security/2023/dsa-5450
dsa-5451		https://www.debian.org/security/2023/dsa-5451
mfsa2023-22		https://www.mozilla.org/en-US/security/advisories/mfsa2023-22
mfsa2023-22		https://www.mozilla.org/security/advisories/mfsa2023-22/
mfsa2023-23		https://www.mozilla.org/en-US/security/advisories/mfsa2023-23
mfsa2023-23		https://www.mozilla.org/security/advisories/mfsa2023-23/
mfsa2023-24		https://www.mozilla.org/en-US/security/advisories/mfsa2023-24
mfsa2023-24		https://www.mozilla.org/security/advisories/mfsa2023-24/
msg00006.html		https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
msg00015.html		https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
RHSA-2023:4062		https://access.redhat.com/errata/RHSA-2023:4062
RHSA-2023:4063		https://access.redhat.com/errata/RHSA-2023:4063
RHSA-2023:4064		https://access.redhat.com/errata/RHSA-2023:4064
RHSA-2023:4065		https://access.redhat.com/errata/RHSA-2023:4065
RHSA-2023:4066		https://access.redhat.com/errata/RHSA-2023:4066
RHSA-2023:4067		https://access.redhat.com/errata/RHSA-2023:4067
RHSA-2023:4068		https://access.redhat.com/errata/RHSA-2023:4068
RHSA-2023:4069		https://access.redhat.com/errata/RHSA-2023:4069
RHSA-2023:4070		https://access.redhat.com/errata/RHSA-2023:4070
RHSA-2023:4071		https://access.redhat.com/errata/RHSA-2023:4071
RHSA-2023:4072		https://access.redhat.com/errata/RHSA-2023:4072
RHSA-2023:4073		https://access.redhat.com/errata/RHSA-2023:4073
RHSA-2023:4074		https://access.redhat.com/errata/RHSA-2023:4074
RHSA-2023:4075		https://access.redhat.com/errata/RHSA-2023:4075
RHSA-2023:4076		https://access.redhat.com/errata/RHSA-2023:4076
RHSA-2023:4079		https://access.redhat.com/errata/RHSA-2023:4079
show_bug.cgi?id=1837675		https://bugzilla.mozilla.org/show_bug.cgi?id=1837675
USN-6201-1		https://usn.ubuntu.com/6201-1/
USN-6214-1		https://usn.ubuntu.com/6214-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-37208.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1837675

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/ Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/ Found at https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-37208

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/ Found at https://www.debian.org/security/2023/dsa-5450

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/ Found at https://www.debian.org/security/2023/dsa-5451

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-22/

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-23/

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-11-20T21:34:29Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-24/

Exploit Prediction Scoring System (EPSS)

Percentile	0.10236
EPSS Score	0.00038
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:31.841536+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-24.yml	37.0.0