VDB

CISA-2023-5725

CISA-2023-5725 PUBLISHED

Reported by mozilla · Published October 24, 2023

A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.

Affected Products

VendorProductVersions
MozillaFirefoxunspecified
MozillaFirefox ESRunspecified
MozillaThunderbirdunspecified
MozillaThunderbird*, unspecified
MozillaFirefoxunspecified, unspecified
MozillaFirefox ESRunspecified, unspecified

Timeline

  • Oct 24, 2023 CVE Published
  • Feb 13, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›