CVE-2023-37204Mozilla Firefox vulnerability

7 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxDebian Firefox
Timeline
PublishedJul 5

Description

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/firefox< firefox 115.0-1 (sid)
CVEListV5mozilla/firefoxunspecified115
NVDmozilla/firefox< 115.0
Ubuntumozilla/firefox< 115.0+build2-0ubuntu0.20.04.3
mozillamozilla/firefox

🔴Vulnerability Details

3
OSV
firefox vulnerabilities2023-07-05
GHSA
GHSA-9g93-p34g-x5f6: A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function2023-07-05
OSV
CVE-2023-37204: A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function2023-07-05

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2023-07-05
Debian
CVE-2023-37204: firefox - A website could have obscured the fullscreen notification by using an option ele...2023
Mozilla
Mozilla Foundation Security Advisory 2023-22: CVE-2023-37204
CVE-2023-37204 — Mozilla Firefox vulnerability | cvebase