PT-2023-1853 · Mozilla+5 · Firefox+5

Duckhiem

Publicado

2023-03-14

Atualizado

2025-10-31

CVE-2023-28161

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 111

Description The issue is related to insufficient access control in Mozilla Firefox. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information when a specially crafted document is opened. If temporary permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory.

Recommendations For versions prior to 111, update to version 111 or later to resolve the issue. As a temporary workaround, consider restricting the use of file: URL loaded documents in the same tab to minimize the risk of exploitation. Avoid granting temporary permissions to documents from untrusted sources.

Exploit

Correção

Improper Preservation of Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-281

Identificadores relacionados

ALT-PU-2023-1443

ALT-PU-2023-1817

ALT-PU-2023-5202

ALT-PU-2023-5754

ALT-PU-2023-6436

ALT-PU-2024-3614

BDU:2023-01452

CVE-2023-28161

OESA-2025-2592

OESA-2025-2593

OPENSUSE-SU-2024:12839-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2023:0728-1

SUSE-SU-2023:0763-1

SUSE-SU-2023:0835-1

USN-5954-1

USN-5954-2

Produtos afetados

Alt Linux

Astra Linux

Linuxmint

Firefox

Suse

Ubuntu

PT-2023-1853 · Mozilla+5 · Firefox+5

CVE-2023-28161

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1907