Forum
CVE-2023-25740 - Firefox
Zitat von MITs Forum am 2. Juni 2023, 0:00 UhrAfter downloading a Windows
.scf
script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110.References
https://bugzilla.mozilla.org/show_bug.cgi?id=1812354
https://www.mozilla.org/security/advisories/mfsa2023-05/
After downloading a Windows .scf
script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.
*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110.
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1812354
https://www.mozilla.org/security/advisories/mfsa2023-05/