CVE-2023-37203

Summary

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 115affected

Weaknesses

  • Drag and Drop API may provide access to local system files

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References