Lucene search

[email protected]NVD:CVE-2023-5758

HistoryOct 25, 2023 - 6:17 p.m.

CVE-2023-5758

2023-10-2518:17:45

CWE-79

[email protected]

web.nvd.nist.gov

firefox

ios

xss vulnerability

reader mode

cve-2023-5758

cross-site scripting

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.2%

JSON

When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.

Affected configurations

Nvd

Node

mozillafirefoxRange<119.0iphone_os

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::iphone_os::*

References

bugzilla.mozilla.org/show_bug.cgi?id=1850019

security.gentoo.org/glsa/202401-10

www.mozilla.org/security/advisories/mfsa2023-48/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.2%

JSON

Related for NVD:CVE-2023-5758

debiancve1 cve1 cvelist1 prion1 mozilla1 nessus1 gentoo1