LibreWolf Installer setup.nsi uncontrolled search path

A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation leads to uncontrolled search path. The attack must be carried out locally. Attacks of this nature are highly complex. The exploitability is reported as difficult. Upgrading to version 144.0-1 mitigates this issue. The name of the patch is dd10e31dd873e9cb309fad8aed921d45bf905a55. It is suggested to upgrade the affected component.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

对搜索路径元素未加控制

LibreWolf 代码问题漏洞

LibreWolf是LibreWolf开源的一个以Firefox为基础的网页浏览器。 LibreWolf 143.0.4-1及之前版本存在代码问题漏洞，该漏洞源于文件assets/setup.nsi中未知函数的搜索路径不受控制，可能导致本地攻击。

N/A

N/A