Veracode Vulnerability DatabaseVERACODE:42214Authorization Bypass
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
39.7%
firefox and thunderbird are vulnerable to Authorization Bypasses. This vulnerability occurs when Firefox parses a specially crafted WebDriver command. If the command is valid, Firefox could execute arbitrary JavaScript code in the context of the current web page. This could be used to steal the victim’s cookies or to redirect the victim to a malicious website.
References
bugzilla.mozilla.org/show_bug.cgi?id=1753339
bugzilla.mozilla.org/show_bug.cgi?id=1753341
security-tracker.debian.org/tracker/CVE-2023-32205
security.gentoo.org/glsa/202312-03
security.gentoo.org/glsa/202401-10
www.mozilla.org/security/advisories/mfsa2023-16/
www.mozilla.org/security/advisories/mfsa2023-17/
www.mozilla.org/security/advisories/mfsa2023-18/
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
39.7%