Forum
Forum-Navigation
CVE-2023-25740 - Firefox
#1 · 2. Juni 2023, 0:00
After downloading a Windows .scf script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110.
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1812354
https://www.mozilla.org/security/advisories/mfsa2023-05/