Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-xwh8-4fp4-mvqf

GitHub Security Advisory

⚠ Unreviewed MODERATE Has CVE
View on GitHub

Advisory Details

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Related CVEs

CVE-2023-28163

Key Information

GHSA ID
GHSA-xwh8-4fp4-mvqf
Published
June 2, 2023 6:30 PM
Last Modified
April 4, 2024 4:30 AM
CVSS Score
5.0 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: June 12, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.