Platform: other
Component: translator-poqdev-add-on
Fixed in: 1.0.12
CVE-2023-5496 is a cross-site scripting (XSS) vulnerability affecting the Translator PoqDev Add-On for Mozilla Firefox. This vulnerability arises from improper handling of text selection within the add-on, potentially allowing attackers to inject malicious scripts. The vulnerability impacts version 1.0.11 and has been resolved in version 1.0.12.
Successful exploitation of CVE-2023-5496 could allow an attacker to execute arbitrary JavaScript code within the context of a user's Firefox browser. This could lead to the theft of sensitive information, such as cookies and session tokens, or the redirection of users to malicious websites. The attack is initiated remotely, and while the complexity is considered high, the public disclosure of the vulnerability increases the risk of exploitation. The impact is amplified if the affected add-on is widely used and trusted by users.
CVE-2023-5496 was publicly disclosed on 2023-10-10. The vulnerability has been assigned the VDB identifier VDB-241649. The public availability of the vulnerability and the lack of response from the vendor increase the likelihood of exploitation. No active campaigns or KEV listing are currently known.
Exploit Status
EPSS: 0.25% (48th percentile)
The primary mitigation for CVE-2023-5496 is to upgrade the Translator PoqDev Add-On to version 1.0.12 or later. If upgrading is not immediately feasible, consider disabling the add-on until the update can be applied. While a direct workaround is not available, Firefox's built-in security features may offer some protection against XSS attacks. After upgrading, confirm the fix by attempting to trigger the vulnerable text selection functionality and verifying that no malicious scripts are executed.
Update the Translator PoqDev Add-On to a version later than 1.0.11, if available. If no updates are available, consider disabling or removing the add-on until a patched version is released. Consult the vendor for more information on the availability of a solution.
CVE-2023-5496 is a cross-site scripting vulnerability in the Translator PoqDev Add-On for Firefox, allowing attackers to potentially execute malicious scripts through improper text selection handling.
You are affected if you use Mozilla Firefox and have version 1.0.11 of the Translator PoqDev Add-On installed. Upgrade to 1.0.12 to mitigate the risk.
Upgrade the Translator PoqDev Add-On to version 1.0.12 or later. If upgrading is not possible, disable the add-on until the update is available.
While no active campaigns are currently confirmed, the public disclosure of the vulnerability increases the risk of exploitation.
Due to the vendor's lack of response, an official advisory may not be available. Monitor Firefox security advisories and third-party security resources for updates.