PT-2023-2071 · Mozilla+4 · Thunderbird+6

Shaheen Fazim

·

Publicado

2023-03-14

·

Atualizado

2025-01-09

·

CVE-2023-28163

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 111 Firefox ESR versions prior to 102.9 Thunderbird versions prior to 102.9
Description The issue is related to insufficient protection of service data when processing a request to save files through the "Save As" dialog on Windows. This can allow a remote attacker to impact the confidentiality and integrity of protected information. The vulnerability affects Firefox on Windows, specifically when downloading files with suggested filenames containing environment variable names, which are resolved in the context of the current user.
Recommendations For Firefox versions prior to 111, update to version 111 or later. For Firefox ESR versions prior to 102.9, update to version 102.9 or later. For Thunderbird versions prior to 102.9, update to version 102.9 or later.

Exploit

Correção

Information Disclosure

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-22

Identificadores relacionados

ALT-PU-2023-1443
ALT-PU-2023-1491
ALT-PU-2023-1492
ALT-PU-2023-1545
ALT-PU-2023-1546
ALT-PU-2023-1758
ALT-PU-2023-1765
ALT-PU-2023-1817
ALT-PU-2023-4365
ALT-PU-2023-4366
ALT-PU-2023-5202
ALT-PU-2023-5706
ALT-PU-2023-5754
ALT-PU-2023-7774
ALT-PU-2024-3614
BDU:2023-01803
CVE-2023-28163
OPENSUSE-SU-2024:12786-1
OPENSUSE-SU-2024:12791-1
OPENSUSE-SU-2024:12839-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2023:0728-1
SUSE-SU-2023:0763-1
SUSE-SU-2023:0835-1
SUSE-SU-2023:1736-1

Produtos afetados

Alt Linux
Astra Linux
Firefox
Firefox Esr
Red Os
Suse
Thunderbird