PT-2023-1853 · Mozilla+5 · Firefox+5

Duckhiem

Published

2023-03-14

Updated

2025-10-31

CVE-2023-28161

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 111

Description The issue is related to insufficient access control in Mozilla Firefox. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information when a specially crafted document is opened. If temporary permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory.

Recommendations For versions prior to 111, update to version 111 or later to resolve the issue. As a temporary workaround, consider restricting the use of file: URL loaded documents in the same tab to minimize the risk of exploitation. Avoid granting temporary permissions to documents from untrusted sources.

Exploit

Fix

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-281

Related Identifiers

ALT-PU-2023-1443

ALT-PU-2023-1817

ALT-PU-2023-5202

ALT-PU-2023-5754

ALT-PU-2023-6436

ALT-PU-2024-3614

BDU:2023-01452

CVE-2023-28161

OESA-2025-2592

OESA-2025-2593

OPENSUSE-SU-2024:12839-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2023:0728-1

SUSE-SU-2023:0763-1

SUSE-SU-2023:0835-1

USN-5954-1

USN-5954-2

Affected Products

Alt Linux

Astra Linux

Linuxmint

Firefox

Suse

Ubuntu

PT-2023-1853 · Mozilla+5 · Firefox+5

CVE-2023-28161

Weakness Enumeration

Related Identifiers

Affected Products

References · 1907