CVE-2023-37203

CVSS v3.1 7.8 (High)

EPSS 0.06 % (28^th)

Affected Products 1

Advisories 7

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-07-05 10:15:09
(14 months ago)
Updated Date: 2024-01-07 11:15:12
(8 months ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox prior 115.0 version	cpe:2.3:a:mozilla:firefox		< 115.0