CVE-2023-4054 — Insufficient UI Warning of Dangerous Operations in Mozilla Firefox
Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 90.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Aug 1
Description
When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 5 packages
🔴 Vulnerability Details (3)
GHSA
GHSA-ww29-fh6f-953x: When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code (2023-08-01)
CVEList
CVE-2023-4054: When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code (2023-08-01)
OSV
CVE-2023-4054: When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code (2023-08-01)
📋 Vendor Advisories (8)
Juniper
CVE-2023-22396: An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated (2023-01-13)
Debian
CVE-2023-4054: firefox - When opening appref-ms files, Firefox did not warn the user that these files may... (2023)