What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2023-4052.

What software is affected by this vulnerability?

Mozilla Firefox, Mozilla Firefox ESR, and Mozilla Thunderbird are affected by this vulnerability.

What is the severity of CVE-2023-4052?

CVE-2023-4052 has a severity rating of 6.5 (Medium).

How does CVE-2023-4052 impact non-privileged users?

CVE-2023-4052 allows non-privileged users to create a writable directory that can be used to delete files with the permissions of the uninstalling user account.

Are there any references related to CVE-2023-4052?

Yes, there are references related to CVE-2023-4052. You can find them at the following links: [link1](https://bugzilla.mozilla.org/show_bug.cgi?id=1824420), [link2](https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/), [link3](https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/).

Vulnerability/
CVE-2023-4052

medium

6.5

CWE

1/8/2023

22/10/2024

CVE-2023-4052

First published: Tue Aug 01 2023(Updated: )

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
	<116	116
	<115.1	115.1
Mozilla Firefox	<116.0
Mozilla Firefox ESR	<115.1
	<115.1	115.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-4052.
What software is affected by this vulnerability?
Mozilla Firefox, Mozilla Firefox ESR, and Mozilla Thunderbird are affected by this vulnerability.
What is the severity of CVE-2023-4052?
CVE-2023-4052 has a severity rating of 6.5 (Medium).
How does CVE-2023-4052 impact non-privileged users?
CVE-2023-4052 allows non-privileged users to create a writable directory that can be used to delete files with the permissions of the uninstalling user account.
Are there any references related to CVE-2023-4052?
Yes, there are references related to CVE-2023-4052. You can find them at the following links: [link1](https://bugzilla.mozilla.org/show_bug.cgi?id=1824420), [link2](https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/), [link3](https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/).

agent/author
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/references
agent/weakness
agent/severity
agent/event
collector/mozilla-advisory
source/Mozilla
agent/software-canonical-lookup
agent/description
agent/software-canonical-lookup-request
collector/nvd-api
agent/tags
collector/nvd-index
collector/nvd-latest
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla firefox esr
canonical/mozilla thunderbird
canonical/mozilla firefox