CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
61.1%
firefox and thunderbird are vulnerable to Arbitrary Code Execution. An attacker could exploit the vulnerability by creating a specially crafted web page that would cause Firefox to crash. When Firefox crashes, it would leave behind some residual memory that could be exploited by the attacker to execute arbitrary code.
bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847
lists.debian.org/debian-lts-announce/2023/08/msg00008.html
lists.debian.org/debian-lts-announce/2023/08/msg00010.html
security-tracker.debian.org/tracker/CVE-2023-4056
www.debian.org/security/2023/dsa-5464
www.debian.org/security/2023/dsa-5469
www.mozilla.org/security/advisories/mfsa2023-29/
www.mozilla.org/security/advisories/mfsa2023-30/
www.mozilla.org/security/advisories/mfsa2023-31/