{"id":"CVE-2023-37208","details":"When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.","modified":"2026-04-16T04:31:54.470605916Z","published":"2023-07-05T09:15:10.023Z","related":["ALSA-2023:4063","ALSA-2023:4064","ALSA-2023:4071","ALSA-2023:4076","SUSE-SU-2023:2849-1","SUSE-SU-2023:2850-1","SUSE-SU-2023:2886-1","openSUSE-SU-2024:13037-1","openSUSE-SU-2024:13040-1","openSUSE-SU-2024:13133-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5450"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5451"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-22/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-23/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-24/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1837675"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37208.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.0"}]},{"events":[{"introduced":"0"},{"fixed":"102.13"}]},{"events":[{"introduced":"0"},{"fixed":"102.13"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}