{"id":"CVE-2023-6209","details":"Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal \"/../\" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox \u003c 120, Firefox ESR \u003c 115.5.0, and Thunderbird \u003c 115.5.","modified":"2026-04-16T04:39:11.072232238Z","published":"2023-11-21T15:15:07.957Z","related":["ALSA-2023:7500","ALSA-2023:7501","ALSA-2023:7507","ALSA-2023:7508","SUSE-SU-2023:4588-1","SUSE-SU-2023:4912-1","SUSE-SU-2023:4928-1","SUSE-SU-2023:4929-1","openSUSE-SU-2024:13459-1","openSUSE-SU-2024:13468-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-49/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-50/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-52/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5561"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1858570"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"120.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.5.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.5"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6209.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}