Описание
After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
This bug only affects Firefox on Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | not-affected | |
| jammy | not-affected | code not present |
| kinetic | not-affected | code not present |
| lunar | not-affected | code not present |
| trusty | ignored | end of standard support |
| upstream | not-affected | debian: Windows-specific |
| xenial | ignored | end of standard support |
Показывать по
EPSS
8.1 High
CVSS3
Связанные уязвимости
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
After downloading a Windows <code>.url</code> shortcut from the local ...
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, почтового клиента Mozilla Thunderbird, связанная с некорректным внешним управлением именем или путем файла, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
EPSS
8.1 High
CVSS3