How severe is CVE-2023-4052?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-4052?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2023-4052 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

Related Vulnerabilities

CVE-2005-0587

MEDIUM

CVSS:6.5(Medium)

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file t...

CWE-592005

CVE-2010-0398

MEDIUM

CVSS:6.5(Medium)

The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.

CWE-592010

CVE-2015-3147

MEDIUM

CVSS:6.5(Medium)

daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unsp...

CWE-592015

CVE-2018-14335

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database ...

CWE-592018

CVE-2018-15351

MEDIUM

CVSS:6.5(Medium)

Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118.

CWE-592018

CVE-2019-1425

MEDIUM

CVSS:6.5(Medium)

An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.

CWE-592019