CVE-2023-4052

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 1, 2023

Updated: Aug 7, 2023

Summary

CVE-2023-4052 is a vulnerability affecting the Firefox updater on Windows. It permits non-privileged users to create a writable directory, which can then be exploited during the uninstallation process. By placing malicious files in the directory, a user can delete arbitrary files with their own permissions, leading to potential data loss or system compromise. This issue only affects Firefox versions prior to 116, Firefox ESR prior to 115.1, and Thunderbird prior to 115.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sWGpx4
https://www.cve.org/CVERecord?id=CVE-2023-4052
https://nvd.nist.gov/vuln/detail/CVE-2023-4052

Back to Vulnerability Database

CVE-2023-4052

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations