CVE-2023-5726
published 2023-10-25CVE-2023-5726: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.
*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| debian | firefox-esr | — | — |
| debian | thunderbird | — | — |
| mozilla | firefox | < 119.0 | 119.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 119 | 119 |
| mozilla | firefox_esr | < 115.4 | 115.4 |
| mozilla | firefox_esr | >= unspecified < 115.4 | 115.4 |
| mozilla | thunderbird | < 115.4.1 | 115.4.1 |
| mozilla | thunderbird | >= 0 < 1:115.4.1+build1-0ubuntu0.20.04.1 | 1:115.4.1+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.4.1+build1-0ubuntu0.22.04.1 | 1:115.4.1+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.4.1+build1-0ubuntu1 | 1:115.4.1+build1-0ubuntu1 |
| mozilla | thunderbird | >= unspecified < 115.4.1 | 115.4.1 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv4.3MEDIUM
Red Hat
Mozilla: Full screen notification obscured by file open dialog on macOS
vendor_redhat·2023-10-24·CVSS 4.3
CVE-2023-5726 [MEDIUM] CWE-356 Mozilla: Full screen notification obscured by file open dialog on macOS
Mozilla: Full screen notification obscured by file open dialog on macOS
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.
*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
The Mozilla Foundation Security Advisory describes this flaw as:
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.
*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.*
Statement: Red Hat Product Security rates the severity o
Debian
CVE-2023-5726: firefox - A website could have obscured the full screen notification by using the file ope...
vendor_debian·2023·CVSS 4.3
CVE-2023-5726 [MEDIUM] CVE-2023-5726: firefox - A website could have obscured the full screen notification by using the file ope...
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2023-45: CVE-2023-5726
vendor_mozilla·CVSS 4.3
CVE-2023-5726 [MEDIUM] Mozilla Foundation Security Advisory 2023-45: CVE-2023-5726
Mozilla Foundation Security Advisory 2023-45
CVE: CVE-2023-5726
Product: Firefox
Impact: high
Fixed in: Firefox 119
Mozilla
Mozilla Foundation Security Advisory 2023-46: CVE-2023-5726
vendor_mozilla·CVSS 4.3
CVE-2023-5726 [MEDIUM] Mozilla Foundation Security Advisory 2023-46: CVE-2023-5726
Mozilla Foundation Security Advisory 2023-46
CVE: CVE-2023-5726
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 115.4
Mozilla
Mozilla Foundation Security Advisory 2023-47: CVE-2023-5726
vendor_mozilla·CVSS 4.3
CVE-2023-5726 [MEDIUM] Mozilla Foundation Security Advisory 2023-47: CVE-2023-5726
Mozilla Foundation Security Advisory 2023-47
CVE: CVE-2023-5726
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 115.4.1
GHSA
GHSA-cxxg-52f9-f5mj: A website could have obscured the full screen notification by using the file open dialog
ghsa_unreviewed·2023-10-25
CVE-2023-5726 [MEDIUM] GHSA-cxxg-52f9-f5mj: A website could have obscured the full screen notification by using the file open dialog
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.
*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
OSV
CVE-2023-5726: A website could have obscured the full screen notification by using the file open dialog
osv·2023-10-25·CVSS 4.3
CVE-2023-5726 [MEDIUM] CVE-2023-5726: A website could have obscured the full screen notification by using the file open dialog
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1846205https://www.mozilla.org/security/advisories/mfsa2023-45/https://www.mozilla.org/security/advisories/mfsa2023-46/https://www.mozilla.org/security/advisories/mfsa2023-47/https://bugzilla.mozilla.org/show_bug.cgi?id=1846205https://www.mozilla.org/security/advisories/mfsa2023-45/https://www.mozilla.org/security/advisories/mfsa2023-46/https://www.mozilla.org/security/advisories/mfsa2023-47/
2023-10-25
Published