The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer.
*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1847180 | Issue Tracking Permissions Required Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-45/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-46/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-47/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2023-10-24T12:47:13.501Z
Updated: 2023-10-24T21:06:50.044Z
Reserved: 2023-10-23T17:22:05.928Z
Link: CVE-2023-5727
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-25T18:17:44.263
Modified: 2023-11-02T20:09:22.683
Link: CVE-2023-5727
JSON object: View
Redhat Information
No data.
CWE