CVE-2023-25743Authentication Bypass by Spoofing in Mozilla Firefox

CWE-290Authentication Bypass by SpoofingCWE-357Insufficient UI Warning of Dangerous Operations6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 75.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Firefox ESR
Timeline
PublishedJun 2

Description

A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5mozilla/firefoxunspecified110
CVEListV5mozilla/firefox_esrunspecified102.8

🔴Vulnerability Details

2
GHSA
GHSA-j7hq-xhjg-3w36: A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome2023-06-02
CVEList
CVE-2023-25743: A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome2023-06-02

📋Vendor Advisories

3
Red Hat
Mozilla: Fullscreen notification not shown in Firefox Focus2023-02-14
Debian
CVE-2023-25743: firefox - A lack of in app notification for entering fullscreen mode could have lead to a ...2023
Mozilla
Mozilla Foundation Security Advisory 2023-05: CVE-2023-25743
CVE-2023-25743 — Authentication Bypass by Spoofing | cvebase