Lucene search

[email protected]NVD:CVE-2023-28159

HistoryJun 02, 2023 - 5:15 p.m.

CVE-2023-28159

2023-06-0217:15:12

[email protected]

web.nvd.nist.gov

cve-2023-28159

fullscreen notification

download popups

user confusion

spoofing attacks

firefox

android

vulnerability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

32.6%

JSON

The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. <br>This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 111.

Affected configurations

Nvd

Node

mozillafirefoxRange<111.0

mozillafirefoxRange<111.0android

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::android::*

References

bugzilla.mozilla.org/show_bug.cgi?id=1783561

www.mozilla.org/security/advisories/mfsa2023-09/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

32.6%

JSON

Related for NVD:CVE-2023-28159

prion1 cve1 ubuntucve1 debiancve1 cvelist1 nessus7 kaspersky1 mozilla1 openvas3 gentoo1