CVE-2024-38313 — User Interface (UI) Misrepresentation of Critical Information in Mozilla Firefox FOR IOS

CWE-451 — User Interface (UI) Misrepresentation of Critical Information5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 39.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox FOR IOS Mozilla Firefox

Timeline

PublishedJun 13

Description

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for iOS < 127.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDmozilla/firefox< 127.0

▶CVEListV5mozilla/firefox_for_iosunspecified — 127

🔴Vulnerability Details

CVEList

CVE-2024-38313: In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address T↗2024-06-13

▶

GHSA

GHSA-f78g-xm2r-gm6j: In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address T↗2024-06-13

▶

📋Vendor Advisories

Debian

CVE-2024-38313: firefox - In certain scenarios a malicious website could attempt to display a fake locatio...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-27: CVE-2024-38313↗

▶