Debian Security Bug Tracker / DEBIANCVE:CVE-2023-29534
Jun 19, 2023 - 11:15 a.m.

CVE-2023-29534

2023-06-19 11:15:09
Debian Security Bug Tracker
security-tracker.debian.org
Tags: fullscreen, notification, firefox, focus, android, spoofing, vulnerability, user confusion

CVSS3: 9.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 8.7 High (Confidence: High)
EPSS: 0.003 Low (Percentile: 65.4%)

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 127.0.2-1 | firefox_127.0.2-1_all.deb |
