Описание
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 116.0-1 | package | |
| firefox-esr | fixed | 115.2.0esr-1 | package | |
| firefox-esr | not-affected | bookworm | package | |
| firefox-esr | not-affected | bullseye | package | |
| firefox-esr | not-affected | buster | package | |
| thunderbird | fixed | 1:115.2.0-1 | package | |
| thunderbird | not-affected | bookworm | package | |
| thunderbird | not-affected | bullseye | package | |
| thunderbird | not-affected | buster | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4053
https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4053
https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4053
EPSS
Связанные уязвимости
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
Уязвимость веб-браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю оказать воздействие на целостность данных
EPSS