PT-2023-6532 · Mozilla+9 · Firefox+11

Shaheen Fazim

Publicado

2023-10-24

Atualizado

2025-03-14

CVE-2023-5725

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 119 Firefox ESR versions prior to 115.4 Thunderbird versions prior to 115.4.1

Description A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. The issue is related to insufficient access control in the browsers and email client.

Recommendations For Firefox versions prior to 119, update to version 119 or later to resolve the issue. For Firefox ESR versions prior to 115.4, update to version 115.4 or later to resolve the issue. For Thunderbird versions prior to 115.4.1, update to version 115.4.1 or later to resolve the issue.

Exploit

Correção

Open Redirect

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601CWE-264CWE-200

Identificadores relacionados

ALSA-2023:6187

ALSA-2023:6188

ALSA-2023:6191

ALSA-2023:6194

ALT-PU-2023-6639

ALT-PU-2023-6856

ALT-PU-2023-6883

ALT-PU-2023-6908

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-3614

ALT-PU-2024-3860

ALT-PU-2024-4748

BDU:2023-07279

CESA-2023_6187

CESA-2023_6194

CVE-2023-5725

DLA-3632-1

DLA-3637-1

DSA-5535-1

DSA-5538-1

MGASA-2023-0308

MGASA-2023-0309

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2023_4214-1

OPENSUSE-SU-2023_4302-1

OPENSUSE-SU-2023_4551-1

OPENSUSE-SU-2024:13356-1

OPENSUSE-SU-2024:13385-1

OPENSUSE-SU-2024:13412-1

OPENSUSE-SU-2024:14572-1

RHSA-2023:6162

RHSA-2023:6185

RHSA-2023:6186

RHSA-2023:6187

RHSA-2023:6188

RHSA-2023:6189

RHSA-2023:6191

RHSA-2023:6194

RHSA-2023:6195

RHSA-2023:6196

RHSA-2023:6197

RHSA-2023:6198

RHSA-2023:6199

RHSA-2023_6162

RHSA-2023_6187

RHSA-2023_6188

RHSA-2023_6191

RHSA-2023_6194

RLSA-2023:6188

SUSE-SU-2023:4212-1

SUSE-SU-2023:4213-1

SUSE-SU-2023:4214-1

SUSE-SU-2023:4302-1

SUSE-SU-2023:4532-1

SUSE-SU-2023:4533-1

SUSE-SU-2023:4551-1

USN-6456-1

USN-6456-2

USN-6468-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Suse

Thunderbird

Ubuntu

PT-2023-6532 · Mozilla+9 · Firefox+11

CVE-2023-5725

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2184