CVE-2023-25750
02.06.2023, 17:15
Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111.
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 111.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||||
| mozjs38 |
| ||||||||||||||||||
| mozjs52 |
| ||||||||||||||||||
| mozjs68 |
| ||||||||||||||||||
| mozjs78 |
| ||||||||||||||||||
| mozjs91 |
| ||||||||||||||||||
| thunderbird |
|
Common Weakness Enumeration
- CWE-668 - Exposure of Resource to Wrong SphereThe product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.