Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-5725

Summary
Assigner-mozilla
Assigner Org ID-f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At-24 Oct, 2023 | 12:47
Updated At-13 Feb, 2025 | 17:25
Rejected At-
Credits

A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mozilla
Assigner Org ID:f16b083a-5664-49f3-a51e-8d479e5ed7fe
Published At:24 Oct, 2023 | 12:47
Updated At:13 Feb, 2025 | 17:25
Rejected At:
▼CVE Numbering Authority (CNA)

A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Affected Products
Vendor
Mozilla CorporationMozilla
Product
Firefox
Versions
Affected
  • From unspecified before 119 (custom)
Vendor
Mozilla CorporationMozilla
Product
Firefox ESR
Versions
Affected
  • From unspecified before 115.4 (custom)
Vendor
Mozilla CorporationMozilla
Product
Thunderbird
Versions
Affected
  • From unspecified before 115.4.1 (custom)
Problem Types
TypeCWE IDDescription
textN/AWebExtensions could open arbitrary URLs
Type: text
CWE ID: N/A
Description: WebExtensions could open arbitrary URLs
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Shaheen Fazim
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=1845739
N/A
https://www.mozilla.org/security/advisories/mfsa2023-45/
N/A
https://www.mozilla.org/security/advisories/mfsa2023-46/
N/A
https://www.mozilla.org/security/advisories/mfsa2023-47/
N/A
https://www.debian.org/security/2023/dsa-5535
N/A
https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html
N/A
https://www.debian.org/security/2023/dsa-5538
N/A
https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html
N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1845739
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-45/
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-46/
Resource: N/A
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-47/
Resource: N/A
Hyperlink: https://www.debian.org/security/2023/dsa-5535
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html
Resource: N/A
Hyperlink: https://www.debian.org/security/2023/dsa-5538
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.mozilla.org/show_bug.cgi?id=1845739
x_transferred
https://www.mozilla.org/security/advisories/mfsa2023-45/
x_transferred
https://www.mozilla.org/security/advisories/mfsa2023-46/
x_transferred
https://www.mozilla.org/security/advisories/mfsa2023-47/
x_transferred
https://www.debian.org/security/2023/dsa-5535
x_transferred
https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html
x_transferred
https://www.debian.org/security/2023/dsa-5538
x_transferred
https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1845739
Resource:
x_transferred
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-45/
Resource:
x_transferred
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-46/
Resource:
x_transferred
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-47/
Resource:
x_transferred
Hyperlink: https://www.debian.org/security/2023/dsa-5535
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html
Resource:
x_transferred
Hyperlink: https://www.debian.org/security/2023/dsa-5538
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mozilla.org
Published At:25 Oct, 2023 | 18:17
Updated At:02 Nov, 2023 | 20:28

A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions before 119.0(exclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>firefox_esr>>Versions before 115.4(exclusive)
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>thunderbird>>Versions before 115.4.1(exclusive)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugzilla.mozilla.org/show_bug.cgi?id=1845739security@mozilla.org
Issue Tracking
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00037.htmlsecurity@mozilla.org
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00042.htmlsecurity@mozilla.org
Mailing List
Third Party Advisory
https://www.debian.org/security/2023/dsa-5535security@mozilla.org
Mailing List
Third Party Advisory
https://www.debian.org/security/2023/dsa-5538security@mozilla.org
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2023-45/security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-46/security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-47/security@mozilla.org
Vendor Advisory
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1845739
Source: security@mozilla.org
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html
Source: security@mozilla.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html
Source: security@mozilla.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.debian.org/security/2023/dsa-5535
Source: security@mozilla.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://www.debian.org/security/2023/dsa-5538
Source: security@mozilla.org
Resource:
Third Party Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-45/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-46/
Source: security@mozilla.org
Resource:
Vendor Advisory
Hyperlink: https://www.mozilla.org/security/advisories/mfsa2023-47/
Source: security@mozilla.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

60Records found
CVE-2020-6792
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.95% / 76.62%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 04:05
Updated-04 Aug, 2024 | 09:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-ubuntu_linuxthunderbirdThunderbird
CWE ID-CWE-909
Missing Initialization of Resource
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-6438
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.69% / 72.12%
||
7 Day CHG~0.00%
Published-13 Apr, 2020 | 17:30
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-6490
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.04% / 77.67%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 03:46
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-6531
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-1.50% / 81.30%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 16:16
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-6440
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.69% / 72.12%
||
7 Day CHG~0.00%
Published-13 Apr, 2020 | 17:30
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackportsleapChrome
CVE-2020-6529
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 70.37%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 16:16
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-15959
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.88% / 75.62%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CVE-2023-6135
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 41.36%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 13:38
Updated-13 Feb, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-203
Observable Discrepancy
CVE-2020-16012
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-4.95% / 89.74%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 17:48
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-chromefirefoxChrome
CVE-2020-15966
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.88% / 75.62%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
  • Previous
  • 1
  • 2
  • Next
Details not found