CVE-2023-29540

CWE-601 — Open Redirect10 documents7 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 59.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox FOR Android Mozilla Focus FOR Android +1 more

Timeline

PublishedJun 2

Description

Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

▶CVEListV5mozilla/firefox_for_androidunspecified — 112

▶CVEListV5mozilla/focus_for_androidunspecified — 112

▶CVEListV5mozilla/firefoxunspecified — 112

▶NVDmozilla/firefox< 112.0

▶Ubuntufirefox< 112.0+build2-0ubuntu0.18.04.1+1

🔴Vulnerability Details

GHSA

GHSA-3xgq-mgc9-7wqx: Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigati↗2023-06-02

▶

CVEList

CVE-2023-29540: Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigati↗2023-06-02

▶

OSV

firefox regressions↗2023-04-26

▶

OSV

firefox regressions↗2023-04-18

▶

OSV

CVE-2023-29540: Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigati↗2023-04-12

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2023-04-12

▶

Debian

CVE-2023-29540: firefox - Using a redirect embedded into <code>sourceMappingUrls</code> could allow for na...↗2023

▶

Mozilla

Mozilla Foundation Security Advisory 2023-13: CVE-2023-29540↗

▶