Lucene search

K
redhatcveRedhat.comRH:CVE-2023-23601
HistoryJan 19, 2023 - 12:06 p.m.

CVE-2023-23601

2023-01-1912:06:25
redhat.com
access.redhat.com
23
mozilla
security advisory
navigations
cross-origin
spoofing attacks

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

41.6%

The Mozilla Foundation Security Advisory describes this flaw as: Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

41.6%