Описание
After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 137 and Thunderbird < 137.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | not-affected | windows only |
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| oracular | not-affected | code not present |
| plucky | not-affected | code not present |
| upstream | not-affected | debian: Only affects Firefox on Windows |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | not-affected | windows only |
| jammy | not-affected | windows only |
| noble | not-affected | code not present |
| oracular | not-affected | code not present |
| plucky | not-affected | code not present |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
7.7 High
CVSS3
Связанные уязвимости
After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137.
After selecting a malicious Windows `.url` shortcut from the local fil ...
After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137.
Уязвимость браузера Mozilla Firefox и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код
EPSS
7.7 High
CVSS3