CVE-2023-49060

2023-11-2100:00:00

ubuntu.com

cve-2023-49060

ex-filtration

security key

referrerpolicy

firefox for ios < 120

vulnerability

internal pages

data

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.3%

JSON

An attacker could have accessed internal pages or data by ex-filtrating a
security key from ReaderMode via the referrerpolicy attribute. This
vulnerability affects Firefox for iOS < 120.

Notes

Author	Note
tyhicks	mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur	starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap
alexmurray	According to upstream only affects Firefox on iOS so Ubuntu is not affected