CVE-2023-29533

CWE-42512 documents8 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 66.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Mozilla FirefoxMozilla Firefox ESRMozilla Firefox FOR Android+3 more
Timeline
PublishedJun 2

Description

A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages11 packages

CVEListV5mozilla/firefox_for_androidunspecified112
CVEListV5mozilla/firefoxunspecified112
NVDmozilla/firefox< 112.0
CVEListV5mozilla/firefox_esrunspecified102.10
NVDmozilla/firefox_esr< 102.10

🔴Vulnerability Details

4
GHSA
GHSA-32mm-9vg7-hvp3: A website could have obscured the fullscreen notification by using a combination of window2023-06-02
CVEList
CVE-2023-29533: A website could have obscured the fullscreen notification by using a combination of window2023-06-02
OSV
CVE-2023-29533: A website could have obscured the fullscreen notification by using a combination of window2023-06-02
OSV
firefox vulnerabilities2023-04-12

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2023-04-13
Ubuntu
Firefox vulnerabilities2023-04-12
Red Hat
Mozilla: Fullscreen notification obscured2023-04-11
Debian
CVE-2023-29533: firefox - A website could have obscured the fullscreen notification by using a combination...2023
Mozilla
Mozilla Foundation Security Advisory 2023-15: CVE-2023-29533
CVE-2023-29533 (MEDIUM CVSS 4.3) | A website could have obscured the f | cvebase.io