CVE-2023-5727
published 2023-10-25
CVE-2023-5727: The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer…
medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| debian | firefox-esr | — | — |
| debian | thunderbird | — | — |
| mozilla | firefox | < 119.0 | 119.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 119 | 119 |
| mozilla | firefox_esr | < 115.4 | 115.4 |
| mozilla | firefox_esr | >= unspecified < 115.4 | 115.4 |
| mozilla | thunderbird | < 115.4.1 | 115.4.1 |
| mozilla | thunderbird | >= 0 < 1:115.4.1+build1-0ubuntu0.20.04.1 | 1:115.4.1+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.4.1+build1-0ubuntu0.22.04.1 | 1:115.4.1+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.4.1+build1-0ubuntu1 | 1:115.4.1+build1-0ubuntu1 |
| mozilla | thunderbird | >= unspecified < 115.4.1 | 115.4.1 |
CVSS provenance
nvd · v3.1 · 6.5 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv · 6.5 · MEDIUM
Red Hat
Mozilla: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
vendor_redhat·2023-10-24·CVSS 6.5
CVE-2023-5727 [MEDIUM] CWE-357 Mozilla: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
The Mozilla Foundation Security Advisory describes this flaw as:
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*
Statement: Red Hat
Debian
CVE-2023-5727: firefox - The executable file warning was not presented when downloading .msix, .msixbundl...
vendor_debian·2023·CVSS 6.5
CVE-2023-5727 [MEDIUM] CVE-2023-5727: firefox - The executable file warning was not presented when downloading .msix, .msixbundl...
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2023-47: CVE-2023-5727
vendor_mozilla·CVSS 6.5
CVE-2023-5727 [MEDIUM] Mozilla Foundation Security Advisory 2023-47: CVE-2023-5727
Mozilla Foundation Security Advisory 2023-47
CVE: CVE-2023-5727
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 115.4.1
Mozilla
Mozilla Foundation Security Advisory 2023-46: CVE-2023-5727
vendor_mozilla·CVSS 6.5
CVE-2023-5727 [MEDIUM] Mozilla Foundation Security Advisory 2023-46: CVE-2023-5727
Mozilla Foundation Security Advisory 2023-46
CVE: CVE-2023-5727
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 115.4
Mozilla
Mozilla Foundation Security Advisory 2023-45: CVE-2023-5727
vendor_mozilla·CVSS 6.5
CVE-2023-5727 [MEDIUM] Mozilla Foundation Security Advisory 2023-45: CVE-2023-5727
Mozilla Foundation Security Advisory 2023-45
CVE: CVE-2023-5727
Product: Firefox
Impact: high
Fixed in: Firefox 119
GHSA
GHSA-5c37-6j7c-hr7x: The executable file warning was not presented when downloading
ghsa_unreviewed·2023-10-25
CVE-2023-5727 [MEDIUM] GHSA-5c37-6j7c-hr7x: The executable file warning was not presented when downloading
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
OSV
CVE-2023-5727: The executable file warning was not presented when downloading
osv·2023-10-25·CVSS 6.5
CVE-2023-5727 [MEDIUM] CVE-2023-5727: The executable file warning was not presented when downloading
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1847180
https://www.mozilla.org/security/advisories/mfsa2023-45/
https://www.mozilla.org/security/advisories/mfsa2023-46/
https://www.mozilla.org/security/advisories/mfsa2023-47/
2023-10-25
Published