This page permanently redirects to gemini://gemini.techrights.org/2023/08/02/mozilla-firefox-115-1-and-116/.
Posted in Security, Windows at 12:08 am by Guest Editorial Team
Reprinted with permission from Ryan
Firefox 115.1 and 116 Released With Two Windows-Only Security Issues Fixed
As usual, a Firefox release is out with serious security vulnerabilities inherited from Windows in addition to actual bugs in Firefox.
This is a common occurrence because Windows is badly designed and adds vulnerabilities to everything that runs on top of it.
CVE-2023-4052 creates a hazard using the NTFS version of symbolic links and a hole in Windows UAC (discretionary access controls).
CVE-2023-4054 is yet another Windows MetaFile-like bug that can be used to run malicious code without any warning. █
Reporter: ycdxsb. Impact: moderate.
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. This bug only affects Firefox on Windows. Other operating systems are unaffected.
Reporter: P Umar Farooq. Impact: moderate.
When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. This bug only affects Firefox on Windows. Other operating systems are unaffected.
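For the junction-based deletion issue described above, a cleanup routine can check every entry for a link or reparse point before descending into it. The sketch below is an added example, not Mozilla's code or fix; the function names and the directory layout in `demo()` are constructed for illustration, and on non-Windows systems a symlink stands in for the junction.

```python
import os
import shutil
import stat
import tempfile

FILE_ATTRIBUTE_REPARSE_POINT = 0x400  # Windows attribute bit set on junctions and symlinks

def is_link_like(path):
    """True for a symlink or, on Windows, any reparse point such as a junction."""
    st = os.lstat(path)  # lstat inspects the link itself, not its target
    attrs = getattr(st, "st_file_attributes", 0)  # field exists only on Windows
    return stat.S_ISLNK(st.st_mode) or bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)

def safe_rmtree(root):
    """Delete root recursively without descending through links; return links seen."""
    if is_link_like(root):
        raise ValueError(f"refusing to clean up through a link: {root}")
    links = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if is_link_like(path):
            links.append(path)  # report it so the caller can log the anomaly
            try:
                os.unlink(path)  # removes the link object only, never its target
            except OSError:
                os.rmdir(path)  # fallback for directory links
        elif os.path.isdir(path):
            links.extend(safe_rmtree(path))
        else:
            os.unlink(path)
    os.rmdir(root)
    return links

def demo():
    """Constructed layout: a cleanup directory containing a link that points outside it."""
    base = tempfile.mkdtemp()
    outside, updates = os.path.join(base, "outside"), os.path.join(base, "updates")
    os.makedirs(outside)
    os.makedirs(os.path.join(updates, "cache"))
    keep = os.path.join(outside, "keep.txt")
    for f in (keep, os.path.join(updates, "cache", "old.bin")):
        open(f, "w").close()
    os.symlink(outside, os.path.join(updates, "cache", "link"), target_is_directory=True)
    links = safe_rmtree(updates)
    result = (os.path.exists(keep), os.path.exists(updates), len(links))
    shutil.rmtree(base)  # tidy up the constructed fixture
    return result
```

The check and the delete are separate system calls, so this narrows the race window rather than closing it. Keeping privileged cleanup out of user-writable directories removes the condition altogether.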
=> Techrights
➮ Sharing is caring. Content is available under CC-BY-SA.