CVE-2023-4052Link Following in Mozilla Firefox

CWE-59Link FollowingCWE-276Incorrect Default Permissions9 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 60.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedAug 1

Description

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

CVEListV5mozilla/firefoxunspecified116
NVDmozilla/firefox< 116.0
CVEListV5mozilla/firefox_esrunspecified115.1
NVDmozilla/firefox_esr< 115.1
CVEListV5mozilla/thunderbirdunspecified115.1

🔴Vulnerability Details

3
GHSA
GHSA-gjqm-928w-fr7f: The Firefox updater created a directory writable by non-privileged users2023-08-01
CVEList
CVE-2023-4052: The Firefox updater created a directory writable by non-privileged users2023-08-01
OSV
CVE-2023-4052: The Firefox updater created a directory writable by non-privileged users2023-08-01

📋Vendor Advisories

5
Red Hat
Mozilla: File deletion and privilege escalation through Firefox uninstaller2023-08-01
Debian
CVE-2023-4052: firefox - The Firefox updater created a directory writable by non-privileged users. When u...2023
Mozilla
Mozilla Foundation Security Advisory 2023-31: CVE-2023-4052
Mozilla
Mozilla Foundation Security Advisory 2023-29: CVE-2023-4052
Mozilla
Mozilla Foundation Security Advisory 2023-33: CVE-2023-4052
CVE-2023-4052 — Link Following in Mozilla Firefox | cvebase