CVE-2023-29538
Severity
4.3MEDIUM
EPSS
0.2%
top 62.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedJun 2
Description
Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request. This leaked directory paths on the user's machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages6 packages
🔴Vulnerability Details
3CVEList▶
CVE-2023-29538: Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request↗2023-06-02
GHSA▶
GHSA-5mrh-6gmv-vc85: Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request↗2023-06-02
OSV▶
CVE-2023-29538: Under specific circumstances a WebExtension may have received a jar:file:/// URI instead of a moz-extension:/// URI during a load request↗2023-04-12