Lucene search

Mozilla FoundationMFSA2023-51

HistoryNov 21, 2023 - 12:00 a.m.

Security Vulnerabilities fixed in Firefox for iOS 120 — Mozilla

2023-11-2100:00:00

Mozilla Foundation

www.mozilla.org

mozilla

ios

security

vulnerabilities

data exfiltration

html injection

user information

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.3%

JSON

An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the referrerpolicy attribute.
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information.

Affected configurations

Vulners

Node

mozillafirefoxRange<120

CPENameOperatorVersion
firefox for ioslt120

CPE	Name	Operator	Version
	firefox for ios	lt	120

References

bugzilla.mozilla.org/show_bug.cgi?id=1861405

bugzilla.mozilla.org/show_bug.cgi?id=1861420

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for MFSA2023-51