CVE-2023-37207

Published: Jul 5, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Affected (6)

Products: Mozilla: Firefox, Firefox Esr, Thunderbird · Debian: Debian Linux

3 products

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 115.0
Mozilla Firefox Esr	Before 102.13
Mozilla Thunderbird	Before 102.13

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 12.0

Related CWEs

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

References (16)

https://bugzilla.mozilla.org/show_bug.cgi?id=1816287

Source: security@mozilla.org

Issue TrackingPermissions Required

https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html

Source: security@mozilla.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html

Source: security@mozilla.org

https://www.debian.org/security/2023/dsa-5450

Source: security@mozilla.org

Third Party Advisory

https://www.debian.org/security/2023/dsa-5451

Source: security@mozilla.org

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2023-22/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2023-23/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2023-24/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1816287

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions Required

https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2023/dsa-5450

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2023/dsa-5451

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2023-22/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2023-23/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2023-24/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.