Lucene search

K
cvelistMozillaCVELIST:CVE-2023-4580
HistorySep 11, 2023 - 8:01 a.m.

CVE-2023-4580

2023-09-1108:01:38
mozilla
www.cve.org
cve-2023-4580
push notifications
disk storage
private browsing
encryption
sensitive information
firefox
thunderbird
vulnerability

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "117",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]