First published: Tue Feb 14 2023(Updated: )
Last updated 24 July 2024
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/firefox | <0:102.8.0-2.el7_9 | 0:102.8.0-2.el7_9 |
redhat/thunderbird | <0:102.8.0-2.el7_9 | 0:102.8.0-2.el7_9 |
redhat/firefox | <0:102.8.0-2.el8_7 | 0:102.8.0-2.el8_7 |
redhat/thunderbird | <0:102.8.0-2.el8_7 | 0:102.8.0-2.el8_7 |
redhat/firefox | <0:102.8.0-2.el8_1 | 0:102.8.0-2.el8_1 |
redhat/thunderbird | <0:102.8.0-2.el8_1 | 0:102.8.0-2.el8_1 |
redhat/firefox | <0:102.8.0-2.el8_2 | 0:102.8.0-2.el8_2 |
redhat/thunderbird | <0:102.8.0-2.el8_2 | 0:102.8.0-2.el8_2 |
redhat/firefox | <0:102.8.0-2.el8_4 | 0:102.8.0-2.el8_4 |
redhat/thunderbird | <0:102.8.0-2.el8_4 | 0:102.8.0-2.el8_4 |
redhat/firefox | <0:102.8.0-2.el8_6 | 0:102.8.0-2.el8_6 |
redhat/thunderbird | <0:102.8.0-2.el8_6 | 0:102.8.0-2.el8_6 |
redhat/firefox | <0:102.8.0-2.el9_1 | 0:102.8.0-2.el9_1 |
redhat/thunderbird | <0:102.8.0-2.el9_1 | 0:102.8.0-2.el9_1 |
redhat/firefox | <0:102.8.0-2.el9_0 | 0:102.8.0-2.el9_0 |
redhat/thunderbird | <0:102.8.0-2.el9_0 | 0:102.8.0-2.el9_0 |
Mozilla Thunderbird | <102.8 | 102.8 |
Mozilla Firefox ESR | <102.8 | 102.8 |
redhat/firefox | <102.8 | 102.8 |
redhat/thunderbird | <102.8 | 102.8 |
Mozilla Firefox | <110 | 110 |
Mozilla Firefox | <110.0 | |
Mozilla Firefox ESR | <102.8 | |
Mozilla Thunderbird | <102.8 | |
debian/firefox | 131.0.2-2 | |
debian/firefox-esr | 115.14.0esr-1~deb11u1 128.3.1esr-1~deb11u1 115.14.0esr-1~deb12u1 128.3.1esr-1~deb12u1 128.3.0esr-2 128.3.1esr-2 | |
debian/thunderbird | 1:115.12.0-1~deb11u1 1:115.16.0esr-1~deb11u1 1:115.12.0-1~deb12u1 1:115.16.0esr-1~deb12u1 1:128.2.0esr-1 1:128.3.0esr-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2023-25729 is a vulnerability that allows extensions in Mozilla Thunderbird and Firefox to open external schemes without user interaction.
Mozilla Thunderbird and Firefox versions up to 102.8 are affected, as well as specific versions of Red Hat Firefox and Thunderbird packages, Ubuntu Firefox and Thunderbird packages, and Debian Firefox, Thunderbird, and Firefox ESR packages.
The severity of CVE-2023-25729 is high, with a CVSS score of 8.8.
To fix CVE-2023-25729, update Mozilla Thunderbird and Firefox to version 102.8 or higher, or install the respective updated packages for Red Hat, Ubuntu, and Debian.
You can find more information about CVE-2023-25729 in the Mozilla Bugzilla and Mozilla Security Advisories.