Permission prompts for opening... CVE-2023-25729

- AV AC AU C I A
发布: 2023-06-02
修订: 2023-06-08

Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

0%

漏洞利用/PoC

当前有22条漏洞利用/PoC

受影响的平台与产品

当前有3条受影响产品信息