1. Home
  2. Vulnerabilities
  3. CVE-2023-28163

CVE-2023-28163

CVSS v3.1 6.5 (Medium)
65% Progress
EPSS 0.10 % (42th)
0.10% Progress
Affected Products 3
Advisories 13
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Weaknesses
CWE-NVD-noinfo
Related CVEs
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2023-06-02 17:15:12
(15 months ago)
Updated Date
2023-06-08 20:21:53
(15 months ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 111.0 version cpe:2.3:a:mozilla:firefox < 111.0
  Mozilla Firefox Esr prior 102.9 version cpe:2.3:a:mozilla:firefox_esr < 102.9
  Mozilla Thunderbird prior 102.9 version cpe:2.3:a:mozilla:thunderbird < 102.9