Attacker Value
Low
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
2

CVE-2023-6209

Disclosure Date: November 21, 2023
CVE-2023-6209 CVSS v3 Base Score: 6.5
Exploited in the Wild
Reported by centralpanic
View Source Details
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal “/../” part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Add Assessment

1
Ratings
  • Attacker Value
    Low
  • Exploitability
    High
Observed in nation state sponsored attacksObserved in ransomware attacksDifficult to weaponizeRequires elevated access
Technical Analysis

Simple to resolve Upgrade Ubuntu:23.10 thunderbird to version 1:115.5.0+build1-0ubuntu0.23.10.1 or higher..

Also looking at the code, there doesn’t seem to be any reason why gPropertiesFile can’t be:

static const char* gPropertiesFile[nsContentUtils::PropertiesFile[COUNT]
The CreateBundle method each of those strings is passed to expects a const char* with no hard-coded expectation of length. It’s static so the symbol can’t be resolved outside this cpp. Also, fwiw the new max length string in that array is 75, not 78 (including null-terminator).

Why is the setting to enable 2 rather than 1?

Apart from that it looks fine to me.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
6.5 Medium
Impact Score:
3.6
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Firefox 120
Firefox ESR 115.5.0
Thunderbird 115.5
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • mozilla

Products

  • debian linux 10.0,
  • debian linux 11.0,
  • debian linux 12.0,
  • firefox,
  • firefox esr,
  • thunderbird

Exploited in the Wild

Reported by:
Technical Analysis