CVE-2023-28163
Published: 2 June 2023
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
| mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
| alexmurray | Only affects Firefox on Windows |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(firefox on Windows only)
|
| focal |
Not vulnerable
(firefox on Windows only)
|
|
| jammy |
Not vulnerable
(firefox on Windows only)
|
|
| kinetic |
Not vulnerable
(firefox on Windows only)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Not vulnerable
(debian: Windows-specific)
|
|
| xenial |
Ignored
(end of standard support)
|
|
|
mozjs38 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(firefox on Windows only)
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(firefox on Windows only)
|
|
| xenial |
Does not exist
|
|
|
mozjs52 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(firefox on Windows only)
|
| focal |
Not vulnerable
(firefox on Windows only)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(firefox on Windows only)
|
|
| xenial |
Does not exist
|
|
|
mozjs68 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Not vulnerable
(firefox on Windows only)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(firefox on Windows only)
|
|
| xenial |
Does not exist
|
|
|
mozjs78 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
(firefox on Windows only)
|
|
| kinetic |
Not vulnerable
(firefox on Windows only)
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(firefox on Windows only)
|
|
| xenial |
Does not exist
|
|
|
mozjs91 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| jammy |
Not vulnerable
(firefox on Windows only)
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(firefox on Windows only)
|
|
| xenial |
Does not exist
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needed)
|
| focal |
Needed
|
|
| jammy |
Needed
|
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Not vulnerable
(firefox on Windows only)
|
|
| xenial |
Ignored
(end of standard support)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |