CVE-2023-28161

Summary

If temporary "one-time" permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 111affected

Weaknesses

  • One-time permissions granted to a local file were extended to other local files loaded in the same tab

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References