Lucene search

Veracode Vulnerability DatabaseVERACODE:43093

HistorySep 03, 2023 - 12:44 p.m.

URL Spoofing Via Default Search Engine

2023-09-0312:44:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

url spoofing

default search engine

firefox

vulnerability

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.8%

JSON

Firefox is vulnerable to URL Spoofing via Default Search Engine. The default search engine in the web browser can display search queries as if they were the current URL when the query resembles a well-formed URL. This behavior might allow a malicious site, if set as the default search engine, to spoof another site.

CPENameOperatorVersion
firefox:sideq81.0-2
firefox:sideq83.0-1
firefox:sideq82.0.3-1
firefox:sideq81.0-2
firefox:sideq83.0-1
firefox:sideq82.0.3-1

Name	Operator	Version
firefox:sid	eq	81.0-2
firefox:sid	eq	83.0-1
firefox:sid	eq	82.0.3-1
firefox:sid	eq	81.0-2
firefox:sid	eq	83.0-1
firefox:sid	eq	82.0.3-1

References

bugzilla.mozilla.org/show_bug.cgi?id=1842766

security-tracker.debian.org/tracker/CVE-2023-4579

security.gentoo.org/glsa/202401-10

www.mozilla.org/security/advisories/mfsa2023-34/

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for VERACODE:43093