CVE-2023-29546

8 documents7 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 43.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox FOR Android Mozilla Focus FOR Android Mozilla Firefox +1 more

Timeline

PublishedJun 19

Latest updateOct 15

Description

When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5mozilla/firefox_for_androidunspecified — 112

▶CVEListV5mozilla/focus_for_androidunspecified — 112

▶NVDmozilla/firefox_focus< 112.0

▶NVDmozilla/firefox< 112.0

🔴Vulnerability Details

CVEList

CVE-2023-29546: When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive↗2023-06-19

▶

GHSA

GHSA-rh4w-355m-vr23: When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive↗2023-06-19

▶

OSV

CVE-2023-29546: When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive↗2023-06-19

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (NekoHTML) — CVE-2022-29546↗2023-10-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Third Party (NekoHTML) — CVE-2022-29546↗2023-07-15

▶

Debian

CVE-2023-29546: firefox - When recording the screen while in Private Browsing on Firefox for Android the a...↗2023

▶

Mozilla

Mozilla Foundation Security Advisory 2023-13: CVE-2023-29546↗

▶