{"id":"CVE-2023-4581","details":"Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox \u003c 117, Firefox ESR \u003c 102.15, Firefox ESR \u003c 115.2, Thunderbird \u003c 102.15, and Thunderbird \u003c 115.2.","modified":"2026-03-15T22:47:33.586842Z","published":"2023-09-11T09:15:09.550Z","related":["ALSA-2023:4952","ALSA-2023:4954","ALSA-2023:4955","ALSA-2023:4958","MGASA-2023-0266","SUSE-SU-2023:3519-1","SUSE-SU-2023:3559-1","SUSE-SU-2023:3562-1","SUSE-SU-2023:3664-1","openSUSE-SU-2024:13176-1","openSUSE-SU-2024:13196-1","openSUSE-SU-2024:13197-1","openSUSE-SU-2024:13202-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-35/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-36/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-37/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-38/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-34/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1843758"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"117.0"}]},{"events":[{"introduced":"115.0"},{"fixed":"115.2"}]},{"events":[{"introduced":"0"},{"fixed":"102.15"}]},{"events":[{"introduced":"0"},{"fixed":"115.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4581.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}