SUSE: CVE-2023-4052: SUSE Linux Security Advisory

SUSE: CVE-2023-4052: SUSE Linux Security Advisory

Severity

7

CVSS

(AV:N/AC:L/Au:S/C:N/I:C/A:N)

Published

08/01/2023

Created

08/03/2023

Added

08/03/2023

Modified

01/28/2025

Description

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

Solution(s)

• suse-upgrade-mozillafirefox
• suse-upgrade-mozillafirefox-branding-upstream
• suse-upgrade-mozillafirefox-devel
• suse-upgrade-mozillafirefox-translations-common
• suse-upgrade-mozillafirefox-translations-other
• suse-upgrade-mozillathunderbird
• suse-upgrade-mozillathunderbird-translations-common
• suse-upgrade-mozillathunderbird-translations-other

References

• https://attackerkb.com/topics/cve-2023-4052
• CVE - 2023-4052