PT-2023-3486 · Mozilla+2 · Firefox+2

Haxatron1

Published

2023-02-14

Updated

2025-01-09

CVE-2023-25740

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 110

Description The issue is related to security setting errors in Mozilla Firefox on Windows operating systems. It allows a remote attacker to access confidential information by exploiting the vulnerability using a created .scf script. After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path, leading to unexpected network requests from the operating system and potentially leaking NTLM credentials to the resource.

Recommendations For versions prior to 110, update to version 110 or later to resolve the issue. As a temporary workaround, consider restricting access to .scf scripts to minimize the risk of exploitation. Avoid using remote paths in the affected script until the issue is resolved.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-254

Related Identifiers

ALT-PU-2023-1387

ALT-PU-2023-1478

ALT-PU-2023-5754

ALT-PU-2023-6436

ALT-PU-2024-3614

BDU:2023-03686

CVE-2023-25740

OPENSUSE-SU-2024:12753-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Astra Linux

Firefox

PT-2023-3486 · Mozilla+2 · Firefox+2

CVE-2023-25740

Weakness Enumeration

Related Identifiers

Affected Products

References · 1870