Описание
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user.
This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | firefox on Windows only |
| devel | not-affected | firefox on Windows only |
| esm-infra/focal | DNE | |
| focal | not-affected | firefox on Windows only |
| jammy | not-affected | firefox on Windows only |
| kinetic | not-affected | firefox on Windows only |
| trusty | ignored | end of standard support |
| upstream | not-affected | debian: Windows-specific |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | |
| esm-infra/focal | DNE | |
| focal | ignored | end of standard support, was needed |
| jammy | not-affected | |
| kinetic | ignored | end of life, was needed |
| trusty | ignored | end of standard support |
| upstream | not-affected | firefox on Windows only |
| xenial | ignored | end of standard support |
Показывать по
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
When downloading files through the Save As dialog on Windows with sugg ...
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird операционных систем Windows, связанная с недостаточной защитой служебных данных, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации
EPSS
6.5 Medium
CVSS3