{"id":"CVE-2023-5725","details":"A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox \u003c 119, Firefox ESR \u003c 115.4, and Thunderbird \u003c 115.4.1.","modified":"2026-04-16T04:32:01.198797870Z","published":"2023-10-25T18:17:44.160Z","related":["ALSA-2023:6187","ALSA-2023:6188","ALSA-2023:6191","ALSA-2023:6194","SUSE-SU-2023:4212-1","SUSE-SU-2023:4213-1","SUSE-SU-2023:4214-1","SUSE-SU-2023:4302-1","SUSE-SU-2023:4532-1","SUSE-SU-2023:4533-1","SUSE-SU-2023:4551-1","openSUSE-SU-2024:13356-1","openSUSE-SU-2024:13385-1","openSUSE-SU-2024:13412-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5535"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5538"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-45/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-46/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-47/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1845739"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5725.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"119.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.4"}]},{"events":[{"introduced":"0"},{"fixed":"115.4.1"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}]}