Lucene search
MozillaCVELIST:CVE-2023-29532HistoryJun 19, 2023 - 9:58 a.m.
CVE-2023-29532
2023-06-1909:58:03
mozilla
www.cve.org
6
mozilla
maintenance service
vulnerability
unsigned update file
smb server
windows
firefox
thunderbird
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server.
Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "112",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
redhatcve
redhatcve
CVE-2023-29532
2023-04-12 06:30:59
debiancve
debiancve
CVE-2023-29532
2023-06-19 10:15:09
veracode
veracode
SMB Relaying Attack
2023-10-02 19:15:12
alpinelinux
alpinelinux
CVE-2023-29532
2023-06-19 10:15:09
cve
cve
CVE-2023-29532
2023-06-19 10:15:09
prion
prion
Code injection
2023-06-19 10:15:00
nvd
nvd
CVE-2023-29532
2023-06-19 10:15:09
ubuntucve
ubuntucve
CVE-2023-29532
2023-06-19 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2023-04-11 18:52:40
[slackware-security] mozilla-thunderbird
2023-04-13 01:16:49
nessus
nessus
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-101-01)
2023-04-12 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2023:1855-1)
2023-04-15 00:00:00
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:1819-1)
2023-04-12 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2023-101-01)
2023-04-12 00:00:00
Mozilla Firefox Security Advisory (MFSA2023-14) - Windows
2023-04-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1817-1)
2023-04-12 00:00:00
redos
redos
ROS-20230505-02
2023-05-05 00:00:00
ROS-20230505-01
2023-05-05 00:00:00
kaspersky
kaspersky
KLA48841 Multiple vulnerabilities in Mozilla Firefox ESR
2023-04-11 00:00:00
KLA48840 Multiple vulnerabilities in Mozilla Thunderbird
2023-04-11 00:00:00
KLA48839 Multiple vulnerabilities in Mozilla Firefox
2023-04-11 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 102.10 — Mozilla
2023-04-11 00:00:00
Security Vulnerabilities fixed in Thunderbird 102.10 — Mozilla
2023-04-11 00:00:00
osv
osv
MozillaThunderbird-102.10.0-1.1 on GA media
2024-06-15 00:00:00
MozillaFirefox-112.0.1-1.1 on GA media
2024-06-15 00:00:00
