N/A

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

N/A

N/A

Mozilla Thunderbird、Firefox和Firefox ESR 输入验证错误漏洞

Mozilla Firefox等都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。 基于Mac OSX平台的Mozilla Thunderbird 68.5之前版本、Firefox 73之前版本和Firefox ESR 68.5之前版本中存在安全漏洞。攻

N/A

N/A