Lucene search

PRIOn knowledge basePRION:CVE-2023-6209

HistoryNov 21, 2023 - 3:15 p.m.

Path traversal

2023-11-2115:15:00

PRIOn knowledge base

www.prio-n.com

path traversal

relative urls

incorrect parsing

security problems

web sites

vulnerability

firefox

thunderbird

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.2%

JSON

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal “/…/” part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq11.0
debian_linuxeq12.0
firefoxlt120.0
firefox_esrlt115.5.0
thunderbirdlt115.5

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	11.0
debian_linux	eq	12.0
firefox	lt	120.0
firefox_esr	lt	115.5.0
thunderbird	lt	115.5

References

bugzilla.mozilla.org/show_bug.cgi?id=1858570

lists.debian.org/debian-lts-announce/2023/11/msg00017.html

lists.debian.org/debian-lts-announce/2023/11/msg00030.html

www.debian.org/security/2023/dsa-5561

www.mozilla.org/security/advisories/mfsa2023-49/

www.mozilla.org/security/advisories/mfsa2023-50/

www.mozilla.org/security/advisories/mfsa2023-52/