Forum MenüForum-NavigationForumAktivitätAnmeldenRegistrierenForum-Breadcrumbs - Du bist hier:ForumOffenes Forum: Security AdvisoriesCVE-2023-25729 - Thunderbird, Fir …AntwortenAntworten: CVE-2023-25729 - Thunderbird, Firefox <blockquote><div class="quotetitle">Zitat von <a class="profile-link highlight-default" href="https://mits.nrw/forum/profile/forum/">MITs Forum</a> am 2. Juni 2023, 0:00 Uhr</div>Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. References https://bugzilla.mozilla.org/show_bug.cgi?id=1792138 https://www.mozilla.org/security/advisories/mfsa2023-05/ https://www.mozilla.org/security/advisories/mfsa2023-06/ https://www.mozilla.org/security/advisories/mfsa2023-07/</blockquote><br> Abbrechen