Lucene search

Ubuntu.comUB:CVE-2023-37210

HistoryJul 05, 2023 - 12:00 a.m.

CVE-2023-37210

2023-07-0500:00:00

ubuntu.com

website security

full-screen mode

spoofing attacks

firefox vulnerability

user experience

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

32.6%

JSON

A website could prevent a user from exiting full-screen mode via alert and
prompt calls. This could lead to user confusion and possible spoofing
attacks. This vulnerability affects Firefox < 115.

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur	starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchfirefox< 115.0+build2-0ubuntu0.20.04.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	firefox	< 115.0+build2-0ubuntu0.20.04.3	UNKNOWN

References

bugzilla.mozilla.org/show_bug.cgi?id=1821886

launchpad.net/bugs/cve/CVE-2023-37210

nvd.nist.gov/vuln/detail/CVE-2023-37210

security-tracker.debian.org/tracker/CVE-2023-37210

ubuntu.com/security/notices/USN-6201-1

www.cve.org/CVERecord?id=CVE-2023-37210

www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37210

www.mozilla.org/security/advisories/mfsa2023-22/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

32.6%

JSON

Related for UB:CVE-2023-37210