CVE-2023-29538

CVSS v3.1 4.3 (Medium)

EPSS 0.08 % (33^th)

Affected Products 2

Advisories 3

Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

Weaknesses

CWE-668: Exposure of Resource to Wrong Sphere

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-06-02 17:15:12
(15 months ago)
Updated Date: 2023-06-21 15:18:08
(15 months ago)

Affected Products

Mozilla

Firefox
Focus

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 112.0 version	cpe:2.3:a:mozilla:firefox	< 112.0
Mozilla Firefox for Android prior 112.0 version	cpe:2.3:a:mozilla:firefox::::::android	< 112.0
Mozilla Focus for Android prior 112.0 version	cpe:2.3:a:mozilla:focus::::::android	< 112.0