First published: Tue Jul 04 2023
Insufficient validation in the Drag and Drop API, in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/firefox | <115.0-1 | 115.0-1 |
ubuntu/firefox | <115.0+ | 115.0+ |
Mozilla Firefox | <115 | 115 |
Mozilla Firefox | <115.0 | |
debian/firefox | 123.0-1 |
The vulnerability ID is CVE-2023-37203.
The title of this vulnerability is 'Insufficient validation in the Drag and Drop API in conjunction with social engineering may have allowed an attacker to trick end-users into creating a shortcut to local system files.'
The description of this vulnerability is 'Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code.'
The software affected by this vulnerability is Mozilla Firefox version < 115.
The severity of this vulnerability is medium.