Lucene search

Ubuntu.comUB:CVE-2023-37205

HistoryJul 05, 2023 - 12:00 a.m.

CVE-2023-37205

2023-07-0500:00:00

ubuntu.com

firefox

url spoofing

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

38.7%

JSON

The use of RTL Arabic characters in the address bar may have allowed for
URL spoofing. This vulnerability affects Firefox < 115.

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur	starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchfirefox< 115.0+build2-0ubuntu0.20.04.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	firefox	< 115.0+build2-0ubuntu0.20.04.3	UNKNOWN

References

bugzilla.mozilla.org/show_bug.cgi?id=1704420

launchpad.net/bugs/cve/CVE-2023-37205

nvd.nist.gov/vuln/detail/CVE-2023-37205

security-tracker.debian.org/tracker/CVE-2023-37205

ubuntu.com/security/notices/USN-6201-1

www.cve.org/CVERecord?id=CVE-2023-37205

www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37205

www.mozilla.org/security/advisories/mfsa2023-22/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

38.7%

JSON

Related for UB:CVE-2023-37205