CVE-2023-37208
N/A
N/A
Summary
When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 115 | affected |
| Mozilla | Firefox ESR | unspecified < 102.13 | affected |
| Mozilla | Thunderbird | unspecified < 102.13 | affected |
Weaknesses
- Lack of warning when opening Diagcab files
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1837675
- https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
- https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
- https://www.debian.org/security/2023/dsa-5450
- https://www.debian.org/security/2023/dsa-5451
- https://www.mozilla.org/security/advisories/mfsa2023-22/
- https://www.mozilla.org/security/advisories/mfsa2023-23/
- https://www.mozilla.org/security/advisories/mfsa2023-24/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1837675
- https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html
- https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html
- https://www.debian.org/security/2023/dsa-5450
- https://www.debian.org/security/2023/dsa-5451
- https://www.mozilla.org/security/advisories/mfsa2023-22/
- https://www.mozilla.org/security/advisories/mfsa2023-23/
- https://www.mozilla.org/security/advisories/mfsa2023-24/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.