Описание
After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-25734
- https://bugzilla.mozilla.org/show_bug.cgi?id=1784451
- https://bugzilla.mozilla.org/show_bug.cgi?id=1809923
- https://bugzilla.mozilla.org/show_bug.cgi?id=1810143
- https://bugzilla.mozilla.org/show_bug.cgi?id=1812338
- https://www.mozilla.org/security/advisories/mfsa2023-05
- https://www.mozilla.org/security/advisories/mfsa2023-06
- https://www.mozilla.org/security/advisories/mfsa2023-07
Связанные уязвимости
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
After downloading a Windows <code>.url</code> shortcut from the local ...
Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с некорректным внешним управлением именем или путем файла, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации