CVE-2023-4054

Summary

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 116affected
MozillaFirefox ESRunspecified < 102.14affected
MozillaFirefox ESRunspecified < 115.1affected
MozillaThunderbirdunspecified < 102.14affected
MozillaThunderbirdunspecified < 115.1affected

Weaknesses

  • Lack of warning when opening appref-ms files

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References