Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-4047

Published: 01/08/2023 Updated: 09/08/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Mozilla

Vulnerability Summary

A bug in popup notifications delay calculation could have made it possible for an malicious user to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla firefox esr

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

Debian Security Advisories: DSA-5469-1 thunderbird -- security update
Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code For the oldstable distribution (bullseye), these problems have been fixed in version 1:102140-1~deb11u1 For the stable distribution (bookworm), these problems have been fixed in version 1:102140-1~deb12u1 We rec ...
Debian Security Advisories: DSA-5464-1 firefox-esr -- security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, bypass of the same-origin policy, spoofing or sandbox bypass For the oldstable distribution (bullseye), these problems have been fixed in version 102140esr-1~deb11u1 For the stable distribution (bookwor ...
Amazon Linux 2: ALASFIREFOX-2023-002
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy This vulnerability affects Firefox &lt; 116, Firefox ESR &lt; 10214, and Firefox ESR &lt; 1151 (CVE-2023-4045) In some circumstances, a stale value could have been used for a global ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 84 Advanced Mission Critical Update Support, Red Hat ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as h ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Securit ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as h ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as h ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 84 Advanced Mission Critical Update Support, Red Hat Enterpr ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Important: firefox security update
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for firefox is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 Tel ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 102.14
Mozilla Foundation Security Advisory 2023-32 Security Vulnerabilities fixed in Thunderbird 10214 Announced August 2, 2023 Impact high Products Thunderbird Fixed in Thunderbird 10214 ...
Mozilla: Security Vulnerabilities fixed in Thunderbird 115.1
Mozilla Foundation Security Advisory 2023-33 Security Vulnerabilities fixed in Thunderbird 1151 Announced August 2, 2023 Impact high Products Thunderbird Fixed in Thunderbird 1151 ...

Github Repositories

https://github.com/wildptr-io/Winrar-CVE-2023-40477-POC

CVE-2023-40477 PoC by Wild-Pointer

CVE-2023-4047 PoC By Wild Pointer Read Research: wildptrio/winrar-cve-2023-40477-poc-new-vulnerability-winrar-security-research/ Recvol3cpp Vulnerability: wwwrarlabcom/vuln_rev3_nameshtml, wwwwin-rarcom/ Vulnerable: WinRAR &lt;= 622 How to Test? You can generate your own PoC OR just test attached demo RAR file (verified to crash winrar-622

References

NVD-CWE-noinfohttps://www.mozilla.org/security/advisories/mfsa2023-30/https://www.mozilla.org/security/advisories/mfsa2023-31/https://bugzilla.mozilla.org/show_bug.cgi?id=1839073https://www.mozilla.org/security/advisories/mfsa2023-29/https://www.debian.org/security/2023/dsa-5464https://www.debian.org/security/2023/dsa-5469https://lists.debian.org/debian-lts-announce/2023/08/msg00008.htmlhttps://lists.debian.org/debian-lts-announce/2023/08/msg00010.htmlhttps://nvd.nist.govhttps://github.com/wildptr-io/Winrar-CVE-2023-40477-POChttps://www.debian.org/security/2023/dsa-5469
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2024-34490SQL injectionCVE-2024-34488CVE-2024-4507CVE-2023-7028CVE-2024-23187TCPCVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook