VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-zt7u-h5n8-cfa8

Essentials
Severities (32)
References (46)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-zt7u-h5n8-cfa8
Aliases	CVE-2023-4049
Summary	Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4049.json
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00338	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
epss	0.00347	https://api.first.org/data/v1/epss?cve=CVE-2023-4049
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1842658
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
cvssv3.1	5.9	https://nvd.nist.gov/vuln/detail/CVE-2023-4049
ssvc	Track	https://www.debian.org/security/2023/dsa-5464
ssvc	Track	https://www.debian.org/security/2023/dsa-5469
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-29/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-30/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-31/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4049.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-4049
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
2228364		https://bugzilla.redhat.com/show_bug.cgi?id=2228364
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
CVE-2023-4049		https://nvd.nist.gov/vuln/detail/CVE-2023-4049
dsa-5464		https://www.debian.org/security/2023/dsa-5464
dsa-5469		https://www.debian.org/security/2023/dsa-5469
mfsa2023-29		https://www.mozilla.org/en-US/security/advisories/mfsa2023-29
mfsa2023-29		https://www.mozilla.org/security/advisories/mfsa2023-29/
mfsa2023-30		https://www.mozilla.org/en-US/security/advisories/mfsa2023-30
mfsa2023-30		https://www.mozilla.org/security/advisories/mfsa2023-30/
mfsa2023-31		https://www.mozilla.org/en-US/security/advisories/mfsa2023-31
mfsa2023-31		https://www.mozilla.org/security/advisories/mfsa2023-31/
mfsa2023-32		https://www.mozilla.org/en-US/security/advisories/mfsa2023-32
mfsa2023-33		https://www.mozilla.org/en-US/security/advisories/mfsa2023-33
msg00008.html		https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html
msg00010.html		https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html
RHSA-2023:4460		https://access.redhat.com/errata/RHSA-2023:4460
RHSA-2023:4461		https://access.redhat.com/errata/RHSA-2023:4461
RHSA-2023:4462		https://access.redhat.com/errata/RHSA-2023:4462
RHSA-2023:4463		https://access.redhat.com/errata/RHSA-2023:4463
RHSA-2023:4464		https://access.redhat.com/errata/RHSA-2023:4464
RHSA-2023:4465		https://access.redhat.com/errata/RHSA-2023:4465
RHSA-2023:4468		https://access.redhat.com/errata/RHSA-2023:4468
RHSA-2023:4469		https://access.redhat.com/errata/RHSA-2023:4469
RHSA-2023:4492		https://access.redhat.com/errata/RHSA-2023:4492
RHSA-2023:4493		https://access.redhat.com/errata/RHSA-2023:4493
RHSA-2023:4494		https://access.redhat.com/errata/RHSA-2023:4494
RHSA-2023:4495		https://access.redhat.com/errata/RHSA-2023:4495
RHSA-2023:4496		https://access.redhat.com/errata/RHSA-2023:4496
RHSA-2023:4497		https://access.redhat.com/errata/RHSA-2023:4497
RHSA-2023:4499		https://access.redhat.com/errata/RHSA-2023:4499
RHSA-2023:4500		https://access.redhat.com/errata/RHSA-2023:4500
show_bug.cgi?id=1842658		https://bugzilla.mozilla.org/show_bug.cgi?id=1842658
USN-6267-1		https://usn.ubuntu.com/6267-1/
USN-6333-1		https://usn.ubuntu.com/6333-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4049.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1842658

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4049

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/ Found at https://www.debian.org/security/2023/dsa-5464

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/ Found at https://www.debian.org/security/2023/dsa-5469

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-29/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-30/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:10:50Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-31/

Exploit Prediction Scoring System (EPSS)

Percentile	0.5595
EPSS Score	0.00338
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:31.414099+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-33.yml	37.0.0