CVE-2023-4054

CVSS v3.1 5.5 (Medium)

EPSS 0.05 % (20^th)

Affected Products 3

Advisories 12

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-08-01 16:15:09
(13 months ago)
Updated Date: 2023-08-07 14:51:09
(13 months ago)

Affected Products

Microsoft

Windows

Mozilla

Configuration #1

AND

		CPE23	From	Up To
OR
	Mozilla Firefox prior 116.0 version	cpe:2.3:a:mozilla:firefox		< 116.0
OR
	Running on/with
	Mozilla Firefox Esr from 102.0 version and prior 102.14 version	cpe:2.3:a:mozilla:firefox_esr	>= 102.0	< 102.14
OR
	Running on/with
	Mozilla Firefox Esr from 115.0 version and prior 115.1 version	cpe:2.3:a:mozilla:firefox_esr	>= 115.0	< 115.1
OR
	Running on/with
	Microsoft Windows	cpe:2.3:o:microsoft:windows:-