CVE-2023-29534
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
70.3%
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks.
This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:* |
| mozilla | firefox_focus | * | cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:android:*:* |
References
bugzilla.mozilla.org/show_bug.cgi?id=1816007
bugzilla.mozilla.org/show_bug.cgi?id=1816059
bugzilla.mozilla.org/show_bug.cgi?id=1821155
bugzilla.mozilla.org/show_bug.cgi?id=1821576
bugzilla.mozilla.org/show_bug.cgi?id=1821906
bugzilla.mozilla.org/show_bug.cgi?id=1822298
bugzilla.mozilla.org/show_bug.cgi?id=1822305
www.mozilla.org/security/advisories/mfsa2023-13/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
70.3%