CVE-2023-37455: UI Misrepresentation / Clickjacking in Mozilla Firefox for iOS

Severity: 5.4 MEDIUM (NVD)
EPSS: 0.2% (top 53.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 12

Description

The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (2 packages)

NVD: mozilla/firefox < 115
CVEListV5: mozilla/firefox_for_ios, unspecified, 115

🔴 Vulnerability Details (2)

CVEList: CVE-2023-37455: The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab (2023-07-12)
GHSA: GHSA-3mvg-pwgj-w59x: The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab (2023-07-12)

📋 Vendor Advisories (2)

Debian: CVE-2023-37455: firefox - The permission request prompt from the site in the background tab was overlaid o... (2023)
Mozilla: Mozilla Foundation Security Advisory 2023-25: CVE-2023-37455