Lucene search

[email protected]NVD:CVE-2023-25743

HistoryJun 02, 2023 - 5:15 p.m.

CVE-2023-25743

2023-06-0217:15:11

CWE-290

[email protected]

web.nvd.nist.gov

firefox

focus

fullscreen

notification

vulnerability

malicious website spoofing

firefox esr

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

37.7%

JSON

A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>This bug only affects Firefox Focus. Other versions of Firefox are unaffected.. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.

Affected configurations

Nvd

Node

mozillafirefox_focusMatch-

VendorProductVersionCPE
mozillafirefox_focus-cpe:2.3:a:mozilla:firefox_focus:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox_focus	-	cpe:2.3:a:mozilla:firefox_focus:-:::::::*

References

bugzilla.mozilla.org/show_bug.cgi?id=1800203

www.mozilla.org/security/advisories/mfsa2023-05/

www.mozilla.org/security/advisories/mfsa2023-06/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

37.7%

JSON

Related for NVD:CVE-2023-25743

prion1 ubuntucve1 debiancve1 redhatcve1 cvelist1 cve1 nessus46 centos2 redhat16 openvas8 rocky4 redos1 osv9 oraclelinux6 almalinux4 slackware1 kaspersky2 mozilla1 gentoo1 ibm1