CVE-2023-5725
Summary
| CVE | CVE-2023-5725 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-25 18:17:00 UTC |
| Updated | 2023-11-02 20:28:00 UTC |
| Description | A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 3637-1] thunderbird security update | MISC | lists.debian.org | |
| Access Denied | MISC | bugzilla.mozilla.org | |
| Debian -- Security Information -- DSA-5535-1 firefox-esr | MISC | www.debian.org | |
| Security Vulnerabilities fixed in Firefox ESR 115.4 — Mozilla | MISC | www.mozilla.org | |
| Security Vulnerabilities fixed in Thunderbird 115.4.1 — Mozilla | MISC | www.mozilla.org | |
| [SECURITY] [DLA 3632-1] firefox-esr security update | MISC | lists.debian.org | |
| Debian -- Security Information -- DSA-5538-1 thunderbird | MISC | www.debian.org | |
| Security Vulnerabilities fixed in Firefox 119 — Mozilla | MISC | www.mozilla.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161029 Oracle Enterprise Linux Security Update for firefox (ELSA-2023-6162)
- 161033 Oracle Enterprise Linux Security Update for firefox (ELSA-2023-6187)
- 161034 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-6191)
- 161035 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-6194)
- 161036 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2023-6193)
- 161037 Oracle Enterprise Linux Security Update for firefox (ELSA-2023-6188)
- 199869 Ubuntu Security Notification for Firefox Vulnerabilities (USN-6456-1)
- 199889 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-6468-1)
- 242247 Red Hat Update for firefox (RHSA-2023:6162)
- 242249 Red Hat Update for thunderbird (RHSA-2023:6198)
- 242250 Red Hat Update for firefox (RHSA-2023:6189)
- 242251 Red Hat Update for thunderbird (RHSA-2023:6197)
- 242253 Red Hat Update for firefox (RHSA-2023:6188)
- 242254 Red Hat Update for firefox (RHSA-2023:6186)
- 242255 Red Hat Update for firefox (RHSA-2023:6185)
- 242257 Red Hat Update for thunderbird (RHSA-2023:6196)
- 242258 Red Hat Update for firefox (RHSA-2023:6199)
- 242259 Red Hat Update for thunderbird (RHSA-2023:6195)
- 242355 Red Hat Update for thunderbird (RHSA-2023:6194)
- 242368 Red Hat Update for firefox (RHSA-2023:6187)
- 242397 Red Hat Update for thunderbird (RHSA-2023:6191)
- 296106 Oracle Solaris 11.4 Support Repository Update (SRU) 64.157.2 Missing (CPUOCT2023)
- 356733 Amazon Linux Security Advisory for thunderbird : ALAS2-2023-2334
- 356892 Amazon Linux Security Advisory for firefox : ALAS2FIREFOX-2023-017
- 378958 Mozilla Firefox Multiple Vulnerabilities (MFSA2023-45)
- 378959 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2023-46)
- 378967 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2023-47)
- 503464 Alpine Linux Security Update for firefox
- 503465 Alpine Linux Security Update for thunderbird
- 505736 Alpine Linux Security Update for firefox-esr
- 506072 Alpine Linux Security Update for firefox-esr
- 506074 Alpine Linux Security Update for firefox
- 506259 Alpine Linux Security Update for thunderbird
- 6000256 Debian Security Update for firefox-esr (DLA 3632-1)
- 6000286 Debian Security Update for thunderbird (DLA 3637-1)
- 6000307 Debian Security Update for firefox-esr (DSA 5535-1)
- 6000313 Debian Security Update for thunderbird (DSA 5538-1)
- 710875 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202402-25)
- 755161 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:4214-1)
- 755162 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:4213-1)
- 755163 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:4212-1)
- 755199 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2023:4302-1)
- 941333 AlmaLinux Security Update for thunderbird (ALSA-2023:6191)
- 941334 AlmaLinux Security Update for firefox (ALSA-2023:6188)
- 941341 AlmaLinux Security Update for firefox (ALSA-2023:6187)
- 941343 AlmaLinux Security Update for thunderbird (ALSA-2023:6194)
- 961069 Rocky Linux Security Update for firefox (RLSA-2023:6188)