CVE-2023-5727
Gentoo Linux Security Advisory 202402-25
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
La advertencia de archivo ejecutable no se presentó al descargar archivos .msix, .msixbundle, .appx, y .appxbundle, que pueden ejecutar comandos en el ordenador de un usuario. *Nota: Este problema solo afectó a los sistemas operativos Windows. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1.
This update for MozillaFirefox fixes the following issues. Updated to version 115.4.0 ESR. Fixed a potential clickjack via queued up rendering. Fixed a cross-Origin size and header leakage. Fixed unexpected errors when handling invalid cookie characters. Fixed a crash due to a large WebGL draw. Fixed an issue where WebExtensions could open arbitrary URLs. Fixed an issue where fullscreen notifications would be obscured by file the open dialog on macOS. Fixed a download protection bypass on on Windows. Fixed a crash caused by improper object tracking during GC in the JavaScript engine. Fixed an issue where fullscreen notifications would be obscured by WebAuthn prompts. Fixed multiple memory safety issues. Fixed multiple memory safety issues.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-10-23 CVE Reserved
- 2023-10-24 CVE Published
- 2024-09-11 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2023-45 | 2023-11-02 | |
https://www.mozilla.org/security/advisories/mfsa2023-46 | 2023-11-02 | |
https://www.mozilla.org/security/advisories/mfsa2023-47 | 2023-11-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 119.0 Search vendor "Mozilla" for product "Firefox" and version " < 119.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 115.4 Search vendor "Mozilla" for product "Firefox Esr" and version " < 115.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Mozilla Search vendor "Mozilla" | Thunderbird Search vendor "Mozilla" for product "Thunderbird" | < 115.4.1 Search vendor "Mozilla" for product "Thunderbird" and version " < 115.4.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|