Due to the Firefox GTK wrapper... CVE-2023-23598

- AV AC AU C I A
发布: 2023-06-02
修订: 2023-06-08

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.

100%
当前有21条漏洞利用/PoC
当前有3条受影响产品信息