PT-2023-6535 · Mozilla+2 · Thunderbird+4

Marco Bonardo

·

Published

2023-10-24

·

Updated

2024-12-27

·

CVE-2023-5727

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 119 Firefox ESR versions prior to 115.4 Thunderbird versions prior to 115.4.1
Description The issue is related to insufficient warning about potentially dangerous actions when downloading certain file types. Specifically, the executable file warning was not presented when downloading files with .msix, .msixbundle, .appx, and .appxbundle extensions, which can run commands on a user's computer. This issue only affects Windows operating systems, with other operating systems being unaffected.
Recommendations For Firefox versions prior to 119, update to version 119 or later to resolve the issue. For Firefox ESR versions prior to 115.4, update to version 115.4 or later to resolve the issue. For Thunderbird versions prior to 115.4.1, update to version 115.4.1 or later to resolve the issue. As a temporary workaround, consider avoiding the download of .msix, .msixbundle, .appx, and .appxbundle files until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-357CWE-254

Related Identifiers

ALT-PU-2023-6639
ALT-PU-2023-6856
ALT-PU-2023-6883
ALT-PU-2023-6908
ALT-PU-2023-7363
ALT-PU-2023-7774
ALT-PU-2024-15839
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4748
BDU:2023-07282
CVE-2023-5727
OPENSUSE-SU-2023_4214-1
OPENSUSE-SU-2023_4302-1
OPENSUSE-SU-2023_4551-1
OPENSUSE-SU-2024:13356-1
OPENSUSE-SU-2024:13385-1
OPENSUSE-SU-2024:13412-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2023:4212-1
SUSE-SU-2023:4213-1
SUSE-SU-2023:4214-1
SUSE-SU-2023:4302-1
SUSE-SU-2023:4532-1
SUSE-SU-2023:4533-1
SUSE-SU-2023:4551-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Suse
Thunderbird