CVE-2023-5727
First published: Tue Oct 24 2023(Updated: )
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox ESR | <115.4 | 115.4 |
| Mozilla Thunderbird | <115.4.1 | 115.4.1 |
| Mozilla Firefox | <119 | 119 |
| Mozilla Firefox | <119.0 | |
| Mozilla Firefox ESR | <115.4 | |
| Mozilla Thunderbird | <115.4.1 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1847180
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
- https://www.mozilla.org/security/advisories/mfsa2023-45/
- https://www.mozilla.org/security/advisories/mfsa2023-46/
- https://www.mozilla.org/security/advisories/mfsa2023-47/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2023-5727?
CVE-2023-5727 is a vulnerability that allows the execution of commands on a user's computer without the warning prompt when downloading .msix, .msixbundle, .appx, and .appxbundle files in Firefox ESR versions 115.4 and earlier, as well as Firefox versions 119 and earlier.
How does CVE-2023-5727 affect Windows operating systems?
CVE-2023-5727 affects Windows operating systems by not presenting the executable file warning when downloading certain file types, potentially allowing malicious commands to run on a user's computer.
Which versions of Firefox are affected by CVE-2023-5727?
Firefox ESR versions 115.4 and earlier, as well as Firefox versions 119 and earlier, are affected by CVE-2023-5727.
What is the severity of CVE-2023-5727?
CVE-2023-5727 has a severity rating of medium with a CVSS score of 4.0.
How can I fix CVE-2023-5727?
To fix CVE-2023-5727, update your Firefox browser to the latest version available, which has addressed the vulnerability.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- collector/epss-latest
- source/FIRST
- agent/author
- agent/event
- agent/epss
- agent/severity
- agent/references
- agent/description
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox esr
- canonical/mozilla firefox
- vendor/microsoft
- canonical/microsoft windows