CVE-2023-4052
CVSS v3.1: 6.5 (Medium)
EPSS: 0.11% (44th)
Affected Products: 2
Advisories: 10
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user.
This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
Weaknesses
- CWE-59: Improper Link Resolution Before File Access ('Link Following')

- CVE Status: PUBLISHED
- CNA: Mozilla Corporation
- Published Date: 2023-08-01 15:15:10 (13 months ago)
- Updated Date: 2023-08-07 14:15:11 (13 months ago)