PT-2023-1946 · Mozilla+5 · Firefox+5

Rob Wu

Published

2023-03-14

Updated

2025-03-14

CVE-2023-28160

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 111

Description The issue is related to errors in handling hyperlinks, which can lead to the translation of a URL to the actual local path when following a redirect to a publicly accessible web extension file. This can result in the leakage of potentially sensitive information. A remote attacker may exploit this issue to gain unauthorized access to protected information.

Recommendations For versions prior to 111, update to version 111 or later to resolve the issue. As a temporary workaround, consider restricting access to publicly accessible web extension files to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-610CWE-425CWE-200

Related Identifiers

ALT-PU-2023-1443

ALT-PU-2023-1817

ALT-PU-2023-5202

ALT-PU-2023-5754

ALT-PU-2023-6436

ALT-PU-2024-3614

BDU:2023-01556

CVE-2023-28160

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:12839-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2023:0728-1

SUSE-SU-2023:0763-1

SUSE-SU-2023:0835-1

USN-5954-1

USN-5954-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Suse

Ubuntu

PT-2023-1946 · Mozilla+5 · Firefox+5

CVE-2023-28160

Weakness Enumeration

Related Identifiers

Affected Products

References · 2089