PT-2023-3486 · Mozilla+2 · Firefox+2

Haxatron1

Publicado

2023-02-14

Atualizado

2025-01-09

CVE-2023-25740

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 110

Description The issue is related to security setting errors in Mozilla Firefox on Windows operating systems. It allows a remote attacker to access confidential information by exploiting the vulnerability using a created .scf script. After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path, leading to unexpected network requests from the operating system and potentially leaking NTLM credentials to the resource.

Recommendations For versions prior to 110, update to version 110 or later to resolve the issue. As a temporary workaround, consider restricting access to .scf scripts to minimize the risk of exploitation. Avoid using remote paths in the affected script until the issue is resolved.

Exploit

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-254

Identificadores relacionados

ALT-PU-2023-1387

ALT-PU-2023-1478

ALT-PU-2023-5754

ALT-PU-2023-6436

ALT-PU-2024-3614

BDU:2023-03686

CVE-2023-25740

OPENSUSE-SU-2024:12753-1

OPENSUSE-SU-2024:14572-1

Produtos afetados

Alt Linux

Astra Linux

Firefox

PT-2023-3486 · Mozilla+2 · Firefox+2

CVE-2023-25740

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1870