You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2023 37203
About this tag
CVE-2023-37203 is a security vulnerability in Mozilla Firefox that affects the Drag and Drop API. The flaw involves insufficient validation of drag-and-drop actions, which could allow an attacker, through social engineering, to trick users into creating shortcuts to local system files. This could potentially lead to arbitrary code execution on systems running Firefox versions earlier than 115. Mozilla addressed the issue in Firefox 115, released in early July 2023. Discussions on WindowsForum.com cover the mechanics of the vulnerability, realistic attack scenarios, and the importance of updating Firefox to mitigate the risk. The tag is relevant for security-conscious users, IT administrators, and anyone managing Firefox deployments.
A relatively obscure browser interaction — dragging and dropping content — turned into a tangible security risk when Mozilla disclosed CVE-2023-37203: an insufficient validation flaw in the Drag and Drop API that, when combined with social engineering, could trick users into creating shortcuts...