Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-23601HistoryJun 02, 2023 - 5:15 p.m.
CVE-2023-23601
2023-06-0217:15:10
Debian Security Bug Tracker
security-tracker.debian.org
17
url spoofing
cross-origin
vulnerability
firefox
thunderbird
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
41.6%
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 109.0-1 | firefox_109.0-1_all.deb |
| Debian | 12 | all | firefox-esr | < 102.7.0esr-1 | firefox-esr_102.7.0esr-1_all.deb |
| Debian | 11 | all | firefox-esr | < 102.7.0esr-1~deb11u1 | firefox-esr_102.7.0esr-1~deb11u1_all.deb |
| Debian | 999 | all | firefox-esr | < 102.7.0esr-1 | firefox-esr_102.7.0esr-1_all.deb |
| Debian | 13 | all | firefox-esr | < 102.7.0esr-1 | firefox-esr_102.7.0esr-1_all.deb |
| Debian | 12 | all | thunderbird | < 1:102.7.1-1 | thunderbird_1:102.7.1-1_all.deb |
| Debian | 11 | all | thunderbird | < 1:102.8.0-1~deb11u1 | thunderbird_1:102.8.0-1~deb11u1_all.deb |
| Debian | 999 | all | thunderbird | < 1:102.7.1-1 | thunderbird_1:102.7.1-1_all.deb |
| Debian | 13 | all | thunderbird | < 1:102.7.1-1 | thunderbird_1:102.7.1-1_all.deb |
Related
prion
prion
Spoofing
2023-06-02 17:15:00
redhatcve
redhatcve
CVE-2023-23601
2023-01-19 12:06:25
ubuntucve
ubuntucve
CVE-2023-23601
2023-01-18 00:00:00
veracode
veracode
Spoofing Attacks
2023-01-24 20:59:28
cve
cve
CVE-2023-23601
2023-06-02 17:15:10
alpinelinux
alpinelinux
CVE-2023-23601
2023-06-02 17:15:10
nvd
nvd
CVE-2023-23601
2023-06-02 17:15:10
cvelist
cvelist
CVE-2023-23601
2023-06-02 00:00:00
openvas
openvas
openSUSE: Security Advisory for MozillaFirefox (SUSE-SU-2023:0113-1)
2024-03-04 00:00:00
Debian: Security Advisory (DLA-3275-1)
2023-01-20 00:00:00
ibm
ibm
osv
osv
firefox-esr - security update
2023-01-18 00:00:00
firefox-esr - security update
2023-01-19 00:00:00
Important: thunderbird security update
2023-01-25 15:07:38
nessus
nessus
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2023:0111-1)
2023-01-21 00:00:00
Debian DLA-3275-1 : firefox-esr - LTS security update
2023-01-19 00:00:00
debian
debian
[SECURITY] [DSA 5322-1] firefox-esr security update
2023-01-18 19:18:50
[SECURITY] [DLA 3275-1] firefox-esr security update
2023-01-19 12:09:25
[SECURITY] [DSA 5355-1] thunderbird security update
2023-02-18 18:55:02
centos
centos
firefox security update
2023-01-30 16:26:57
thunderbird security update
2023-01-30 16:28:01
oraclelinux
oraclelinux
thunderbird security update
2023-01-25 00:00:00
thunderbird security update
2023-01-26 00:00:00
firefox security update
2023-01-24 00:00:00
redhat
redhat
(RHSA-2023:0295) Important: firefox security update
2023-01-23 08:26:13
(RHSA-2023:0462) Important: thunderbird security update
2023-01-25 15:06:24
(RHSA-2023:0296) Important: firefox security update
2023-01-23 08:26:41
almalinux
almalinux
Important: firefox security update
2023-01-23 00:00:00
Important: thunderbird security update
2023-01-25 00:00:00
Important: firefox security update
2023-01-23 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 102.7 — Mozilla
2023-01-17 00:00:00
Security Vulnerabilities fixed in Thunderbird 102.7 — Mozilla
2023-01-18 00:00:00
Security Vulnerabilities fixed in Firefox 109 — Mozilla
2023-01-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package thunderbird version 102.7.0-alt1
2023-01-26 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 102.7.0-alt1
2023-02-21 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerability
2023-01-24 10:58:25
Updated thunderbird packages fix security vulnerability
2023-02-07 03:06:39
kaspersky
kaspersky
KLA20169 Multiple vulnerabilities in Mozilla Firefox ESR
2023-01-17 00:00:00
KLA20174 Multiple vulnerabilities in Mozilla Thunderbird
2023-01-18 00:00:00
KLA20168 Multiple vulnerabilities in Mozilla Firefox
2023-01-17 00:00:00
rocky
rocky
thunderbird security update
2023-01-26 17:04:32
firefox security update
2023-01-23 08:23:43
firefox security update
2023-01-23 08:24:24
slackware
slackware
[slackware-security] mozilla-firefox
2023-01-18 06:24:42
ubuntu
ubuntu
Firefox vulnerabilities
2023-01-23 00:00:00
Firefox regressions
2023-02-06 00:00:00
Thunderbird vulnerabilities
2023-02-06 00:00:00
gentoo
gentoo
Mozilla Thunderbird: Multiple Vulnerabilities
2023-05-03 00:00:00
Mozilla Firefox: Multiple Vulnerabilities
2023-05-03 00:00:00
amazon
amazon
Important: thunderbird
2023-02-17 00:11:00
Important: thunderbird
2023-02-17 00:11:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0035
2023-06-22 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
41.6%
Related for DEBIANCVE:CVE-2023-23601