CVE-2023-37207 — Unsafe Reflection in Mozilla Firefox
Severity
6.5MEDIUMNVD
OSV3.1
EPSS
0.5%
top 33.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 5
Latest updateJul 11
Description
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages9 packages
Also affects: Debian Linux 10.0, 11.0, 12.0
🔴Vulnerability Details
5OSV▶
CVE-2023-37207: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL↗2023-07-05
GHSA▶
GHSA-jpg7-857p-mpqg: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL↗2023-07-05
CVEList▶
CVE-2023-37207: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL↗2023-07-05
📋Vendor Advisories
7Debian▶
CVE-2023-37207: firefox - A website could have obscured the fullscreen notification by using a URL with a ...↗2023