CVE-2023-25740 Information

Description

After downloading a Windows .scf script from the local filesystem an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox < 110.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1812354 https://www.mozilla.org/security/advisories/mfsa2023-05/