Firefox 115.1 and 116 Released With Two Windows-Only Security Issues Fixed
As usual, a Firefox release is out with serious security vulnerabilities inherited from Windows in addition to actual bugs in Firefox.
This is a common occurrence because Windows is badly designed and adds vulnerabilities to everything that runs on top of it.
CVE-2023-4052 creates a hazard using the NTFS version of symbolic links and a hole in Windows UAC (discretionary access controls).
CVE-2023-4054 is yet another Windows MetaFile-like bug that can be used to run malicious code without any warning.
CVE-2023-4052: File deletion and privilege escalation through Firefox uninstaller
Reporter: ycdxsb. Impact: moderate.
Description
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user.
This bug only affects Firefox on Windows. Other operating systems are unaffected.
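The recursive-delete hazard described above goes away when the cleanup code treats every link as an entry to remove rather than a directory to enter. The sketch below is an added example, not Mozilla's fix or code from the advisory; `safe_rmtree`, `is_link`, `demo` and the directory names are hypothetical, and the demo uses a symbolic link as a stand-in for an NTFS junction so it also runs on non-Windows systems.

```python
import os
import tempfile

# Windows attribute bit carried by every reparse point (junctions and symlinks).
FILE_ATTRIBUTE_REPARSE_POINT = 0x400


def is_link(entry):
    """True for symlinks and, on Windows, any reparse point such as a junction."""
    if entry.is_symlink():
        return True
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)


def safe_rmtree(root):
    """Delete root recursively without ever descending through a link.

    Returns the paths of the links found, so the caller can log them.
    A race remains if other users can still write to root while this runs;
    restricting the directory's permissions is what closes that window.
    """
    found = []
    with os.scandir(root) as it:
        entries = list(it)
    for entry in entries:
        if is_link(entry):
            found.append(entry.path)
            os.unlink(entry.path)  # removes the link itself, never its target
        elif entry.is_dir(follow_symlinks=False):
            found.extend(safe_rmtree(entry.path))
        else:
            os.unlink(entry.path)
    os.rmdir(root)
    return found


def demo():
    """Constructed layout: an 'updates' directory holding a link to 'victim'."""
    base = tempfile.mkdtemp()
    victim = os.path.join(base, "victim")
    updates = os.path.join(base, "updates")
    os.makedirs(victim)
    os.makedirs(os.path.join(updates, "sub"))
    keep = os.path.join(victim, "keep.txt")
    with open(keep, "w") as f:
        f.write("must survive")
    os.symlink(victim, os.path.join(updates, "sub", "link"), target_is_directory=True)
    links = safe_rmtree(updates)
    return links, os.path.exists(keep), os.path.exists(updates)
```
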
CVE-2023-4054: Lack of warning when opening appref-ms files
Reporter: P Umar Farooq. Impact: moderate.
Description
When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code.
This bug only affects Firefox on Windows. Other operating systems are unaffected.