CVE-2023-4581

CVSS v3.1 4.3 (Medium)

EPSS 0.06 % (28^th)

Affected Products 3

Advisories 34

Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-09-11 09:15:09
(12 months ago)
Updated Date: 2023-09-14 03:52:57
(12 months ago)

Affected Products

Mozilla

Firefox
Firefox Esr
Thunderbird

Configuration #1

	CPE23	From	Up To
Mozilla Firefox prior 117.0 version	cpe:2.3:a:mozilla:firefox		< 117.0
Mozilla Firefox Esr prior 102.15 version	cpe:2.3:a:mozilla:firefox_esr		< 102.15
Mozilla Firefox Esr from 115.0 version and prior 115.2 version	cpe:2.3:a:mozilla:firefox_esr	>= 115.0	< 115.2
Mozilla Thunderbird prior 115.2 version	cpe:2.3:a:mozilla:thunderbird		< 115.2