CVE-2023-25729

The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to open them without user interaction via `ExpandedPrincipals`. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system.

USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information. Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploits this issue to download malicious files or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could potentially exploit this issue to perform spoofing attacks. Ronald Crane discovered that Firefox did not properly manage memory when using EncodeInputStream in xpcom. An attacker could potentially exploits this issue to cause a denial of service. Samuel Grob discovered that Firefox did not properly manage memory when using wrappers wrapping a scripted proxy. An attacker could potentially exploits this issue to cause a denial of service. Holger Fuhrmannek discovered that Firefox did not properly manage memory when using Module load requests. An attacker could potentially exploits this issue to cause a denial of service. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.