CVE-2023-23600Mozilla Firefox vulnerability

4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 51.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxDebian Firefox
Timeline
PublishedJun 2

Description

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 109.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5mozilla/firefoxunspecified109
NVDmozilla/firefox< 109.0
mozillamozilla/firefox

🔴Vulnerability Details

1
GHSA
GHSA-hv5h-mf6r-57mp: Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in2023-06-02

📋Vendor Advisories

2
Debian
CVE-2023-23600: firefox - Per origin notification permissions were being stored in a way that didn't take ...2023
Mozilla
Mozilla Foundation Security Advisory 2023-01: CVE-2023-23600
CVE-2023-23600 — Mozilla Firefox vulnerability | cvebase