Headline
CVE-2023-4052: Invalid Bug ID
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.
Sorry, I can’t find "1824420?cve=title". It does not seem like bug number nor an alias to a bug.
Please press Back and try again.
Related news
Gentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.