cve/2023/CVE-2023-4052.md

### [CVE-2023-4052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4052)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20115.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20116%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=File%20deletion%20and%20privilege%20escalation%20through%20Firefox%20uninstaller&color=brighgreen)

### Description

The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1824420

#### Github
- https://github.com/ycdxsb/ycdxsb
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-4052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4052)`
			`![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20115.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20116%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=File%20deletion%20and%20privilege%20escalation%20through%20Firefox%20uninstaller&color=brighgreen)`

			`### Description`

			The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.

			`### POC`

			`#### Reference`
			`- https://bugzilla.mozilla.org/show_bug.cgi?id=1824420`

			`#### Github`
			`- https://github.com/ycdxsb/ycdxsb`