CVE-2023-25734 Information
Description
After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=1810143
https://bugzilla.mozilla.org/show_bug.cgi?id=1812338
https://www.mozilla.org/security/advisories/mfsa2023-05/
https://bugzilla.mozilla.org/show_bug.cgi?id=1809923
https://www.mozilla.org/security/advisories/mfsa2023-07/
https://www.mozilla.org/security/advisories/mfsa2023-06/
https://bugzilla.mozilla.org/show_bug.cgi?id=1784451