Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-4581

Опубликовано: 11 сент. 2023
Источник: debian

Описание

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefox-esrfixed115.2.0esr-1package
firefoxfixed117.0-1package
thunderbirdfixed1:115.2.0-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4581

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4581

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4581

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4581

Связанные уязвимости

ubuntu логотип

CVE-2023-4581

CVSS3: 4.3
ubuntu
почти 2 года назад

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

redhat логотип

CVE-2023-4581

CVSS3: 6.1
redhat
почти 2 года назад

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

nvd логотип

CVE-2023-4581

CVSS3: 4.3
nvd
почти 2 года назад

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.

github логотип

GHSA-r5px-qx88-c9gq

CVSS3: 4.3
github
почти 2 года назад

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

fstec логотип

BDU:2023-05173

CVSS3: 8.2
fstec
почти 2 года назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с недостаточным предупреждением об опасных действиях, позволяющая нарушителю загружать произвольные файлы