6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
32.6%
A website could have obscured the fullscreen notification by using an
option element by introducing lag via an expensive computational function.
This could have led to user confusion and possible spoofing attacks. This
vulnerability affects Firefox < 115.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
bugzilla.mozilla.org/show_bug.cgi?id=1832195
launchpad.net/bugs/cve/CVE-2023-37204
nvd.nist.gov/vuln/detail/CVE-2023-37204
security-tracker.debian.org/tracker/CVE-2023-37204
ubuntu.com/security/notices/USN-6201-1
www.cve.org/CVERecord?id=CVE-2023-37204
www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37204
www.mozilla.org/security/advisories/mfsa2023-22/