CNNVD-202510-2552 Information
CNNVD ID
CNNVD-202510-2552
Related CVE
- CNNVD Published: 2025-10-19
Description (Chinese)
LibreWolf是LibreWolf开源的一个以Firefox为基础的网页浏览器。 LibreWolf 143.0.4-1及之前版本存在代码问题漏洞,该漏洞源于文件assets/setup.nsi中未知函数的搜索路径不受控制,可能导致本地攻击。
Description (English)
LibreWolf is a FireFox-based web browser from LibreWolf Open Source. LibreWolf 143.0.4-1 and previous versions had a code problem loophole, which stemmed from uncontrolled search paths for unknown functions in filesets/setup.nsi, which could lead to local attacks.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
LibreWolf
Published
2025-10-19
Last Modified
2026-02-24
References
https://vuldb.com/?submit.671575 https://codeberg.org/librewolf/bsys6/commit/dd10e31dd873e9cb309fad8aed921d45bf905a55 https://codeberg.org/librewolf/bsys6/releases/tag/144.0-1 https://vuldb.com/?ctiid.329019 https://github.com/Cyber-Wo0dy/report/blob/main/librewolf/143.0.4-1/librewolf_installer_exe_hijacking.md https://vuldb.com/?id.329019 https://access.redhat.com/security/cve/cve-2025-11940
Patch
https://librewolf.net/installation/
Share on: