The vulnerability of the RTL Arabic Character Handler component in the Mozilla Firefox browser allows attackers to perform spoofing attacks using a specially created web page.

🗓️ 25 Jul 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

RTL Arabic Character Handler in Firefox has UI representation errors enabling spoofing via a page.

Reporter	Title	Published	Views	Family All 51
Tenable Nessus	Amazon Linux 2 : firefox (ALASFIREFOX-2023-017)	16 Nov 202300:00	–	nessus
Tenable Nessus	Fedora 37 : firefox (2023-5c979c4971)	7 Jul 202300:00	–	nessus
Tenable Nessus	Fedora 38 : firefox (2023-b9b15ebaad)	5 Jul 202300:00	–	nessus
Tenable Nessus	GLSA-202401-10 : Mozilla Firefox: Multiple Vulnerabilities	9 Jan 202400:00	–	nessus
Tenable Nessus	Mozilla Firefox < 115.0	4 Jul 202300:00	–	nessus
Tenable Nessus	Mozilla Firefox < 115.0	4 Jul 202300:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2023:2849-1)	18 Jul 202300:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2023:2850-1)	18 Jul 202300:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2023:2886-1)	20 Jul 202300:00	–	nessus
Tenable Nessus	Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6201-1)	5 Jul 202300:00	–	nessus

Vulners

Node

novell suse_openstack_cloudMatch7

OR

novell suse_openstack_cloudMatch8

OR

novell suse_openstack_cloud_crowbarMatch8

OR

novell suse_enterprise_storageMatch6

OR

novell suse_manager_proxyMatch4.0

OR

novell suse_manager_retail_branch_serverMatch4.0

OR

novell suse_manager_serverMatch4.0

OR

novell suse_manager_serverMatch4.2

OR

novell suse_manager_serverMatch4.1

OR

novell suse_manager_proxyMatch4.1

OR

novell suse_manager_retail_branch_serverMatch4.1

OR

novell suse_manager_retail_branch_serverMatch4.2

OR

mozilla firefoxRange<115

OR

novell suse_linux_enterprise_server_for_sap_applicationsMatch15

OR

novell suse_linux_enterprise_serverMatch15

Source	Link
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2023-22/
explore	www.explore.alas.aws.amazon.com/CVE-2023-37205.html
ubuntu	www.ubuntu.com/security/CVE-2023-37205
suse	www.suse.com/security/cve/CVE-2023-37205.html
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.9/
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
wiki	www.wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
web	www.web.nvd.nist.gov/view/vuln/detail

30 Sep 2024 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 36.5

CVSS 27.8

EPSS0.0043

rtl arabic character handler firefox ui representation errors spoofing crafted page