PT-2023-6854 · Mozilla+3 · Thunderbird+5

Ameen Basha M K

+1

·

Publicado

2023-02-14

·

Atualizado

2025-01-09

·

CVE-2023-25734

CVSS v2.0

9.4

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 110 Thunderbird versions prior to 102.8 Firefox ESR versions prior to 102.8
Description The issue is related to incorrect external management of a file name or path, which could allow a remote attacker to impact the confidentiality and integrity of protected information. After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system, potentially leaking NTLM credentials to the resource. This bug only affects Firefox on Windows, with other operating systems being unaffected.
Recommendations For Firefox versions prior to 110, update to version 110 or later. For Thunderbird versions prior to 102.8, update to version 102.8 or later. For Firefox ESR versions prior to 102.8, update to version 102.8 or later.

Exploit

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601CWE-73

Identificadores relacionados

ALT-PU-2023-1374
ALT-PU-2023-1386
ALT-PU-2023-1387
ALT-PU-2023-1411
ALT-PU-2023-1435
ALT-PU-2023-1478
ALT-PU-2023-1758
ALT-PU-2023-1765
ALT-PU-2023-4365
ALT-PU-2023-4366
BDU:2023-07863
CVE-2023-25734
OPENSUSE-SU-2023_0461-1
OPENSUSE-SU-2024:12702-1
OPENSUSE-SU-2024:12713-1
OPENSUSE-SU-2024:12753-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2023:0461-1
SUSE-SU-2023:0466-1
SUSE-SU-2023:0469-1
SUSE-SU-2023:0599-1

Produtos afetados

Alt Linux
Astra Linux
Firefox
Firefox Esr
Suse
Thunderbird