CVE-2023-37203Mozilla Firefox vulnerability

9 documents8 sources
Severity
7.8HIGHNVD
OSV6.5
EPSS
0.1%
top 82.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxDebian FirefoxMsrc Azl3 Mozjs 102.15.1-1 ON Azure Linux 3.0
Timeline
PublishedJul 5
Latest updateJul 11

Description

Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

debiandebian/firefox< firefox 115.0-1 (sid)
CVEListV5mozilla/firefoxunspecified115
NVDmozilla/firefox< 115.0
Ubuntumozilla/firefox< 115.0+build2-0ubuntu0.20.04.3
mozillamozilla/firefox

🔴Vulnerability Details

3
GHSA
GHSA-r39w-v7w4-p94f: Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating2023-07-05
OSV
firefox vulnerabilities2023-07-05
OSV
CVE-2023-37203: Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating2023-07-05

📋Vendor Advisories

4
Microsoft
Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could hav2023-07-11
Ubuntu
Firefox vulnerabilities2023-07-05
Debian
CVE-2023-37203: firefox - Insufficient validation in the Drag and Drop API in conjunction with social engi...2023
Mozilla
Mozilla Foundation Security Advisory 2023-22: CVE-2023-37203

💬Community

1
Bugzilla
.URL Extension Download Via Drag and Drop2023-04-17
CVE-2023-37203 — Mozilla Firefox vulnerability | cvebase