AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
#CVE-2023-23599: Malicious command could be hidden in devtools output on Windows #CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linuxĭue to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to tData. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. #CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary filesĪ compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. Security Vulnerabilities fixed in Firefox 109 Mozilla Foundation Security Advisory 2023-01 Endpoint Detection & Response for Servers
0 Comments
Read More
Leave a Reply. |