ghsa-r5px-qx88-c9gq
Vulnerability from github
Published
2023-09-11 09:31
Modified
2024-04-04 07:34
Severity
Details
Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.
{
"affected": [],
"aliases": [
"CVE-2023-4581"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-11T09:15:09Z",
"severity": "MODERATE"
},
"details": "Excel `.xll` add-in files did not have a blocklist entry in Firefox\u0027s executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox \u003c 117, Firefox ESR \u003c 102.15, Firefox ESR \u003c 115.2, and Thunderbird \u003c 115.2.",
"id": "GHSA-r5px-qx88-c9gq",
"modified": "2024-04-04T07:34:56Z",
"published": "2023-09-11T09:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4581"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843758"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-35"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-36"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-37"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-38"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading...