CVE-2023-29546

2023-06-1911:15:09

mozilla

web.nvd.nist.gov

cve-2023-29546

firefox for android

screen recording

vulnerability

privacy

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information.

This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

Affected configurations

Nvd

Vulners

Node

mozillafirefoxRange<112.0android

mozillafirefox_focusRange<112.0android

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*
mozillafirefox_focus*cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::android::*
mozilla	firefox_focus	*	cpe:2.3:a:mozilla:firefox_focus::::::android::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Firefox for Android",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "112",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Focus for Android",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "112",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]