QwikSec

Security Database

CVE

CWE

Training

CVE-2023-6209

Published: Nov 21, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Vendor	Product	Versions
Mozilla	Firefox	affected `unspecified - < 120`
Mozilla	Firefox ESR	affected `unspecified - < 115.5.0`
Mozilla	Thunderbird	affected `unspecified - < 115.5`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1858570

https://www.mozilla.org/security/advisories/mfsa2023-49/

https://www.mozilla.org/security/advisories/mfsa2023-50/

https://www.mozilla.org/security/advisories/mfsa2023-52/

https://www.debian.org/security/2023/dsa-5561

https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html

https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.