U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2023-4052

Change History

CVE Modified by Mozilla Corporation 8/07/2023 10:15:11 AM

Action Type Old Value New Value
Changed Description
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. 
*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. 
*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
Added Reference

								
							
							
						
https://www.mozilla.org/security/advisories/mfsa2023-33/ [No Types Assigned]