CVE-2023-5725: Open Redirect in Mozilla Firefox

CWE-601: Open Redirect | 11 documents | 8 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.4% (top 38.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 25; latest update Nov 2

Description

A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (7 packages)

CVEListV5 | mozilla/firefox | unspecified | 119
NVD | mozilla/firefox | < 119.0
CVEListV5 | mozilla/firefox_esr | unspecified | 115.4
CVEListV5 | mozilla/thunderbird | unspecified | 115.4.1
NVD | mozilla/firefox_esr | < 115.4

Also affects: Debian Linux 10.0, 11.0

Vulnerability Details (3)

GHSA
GHSA-vhm9-v8x6-w764: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data (2023-10-25)
OSV
CVE-2023-5725: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data (2023-10-25)
CVEList
CVE-2023-5725: A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data (2023-10-24)

Vendor Advisories (7)

Ubuntu
Thunderbird vulnerabilities (2023-11-02)
Ubuntu
Firefox vulnerabilities (2023-10-30)
Red Hat
Mozilla: WebExtensions could open arbitrary URLs (2023-10-24)
Debian
CVE-2023-5725: firefox - A malicious installed WebExtension could open arbitrary URLs, which under the ri... (2023)
Mozilla
Mozilla Foundation Security Advisory 2023-46: CVE-2023-5725