CVE: CVE-2023-25729

Descrizione: Permission prompts for opening external schemes were only shown for ContentPrincipals resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Vettore di attacco

Riferimenti esterni

• https://www.mozilla.org/security/advisories/mfsa2023-06/
• https://www.mozilla.org/security/advisories/mfsa2023-05/
• https://www.mozilla.org/security/advisories/mfsa2023-07/
• https://bugzilla.mozilla.org/show_bug.cgi?id=1792138

Prodotti interessati

• Mozilla – Firefox
• Mozilla – Thunderbird
• Mozilla – Firefox ESR

Relazioni con altri prodotti

Produttore:Mozilla
Prodotto: Firefox
Anno: 2023
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Thunderbird
Anno: 2023
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Firefox ESR
Anno: 2023
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2023)