6.5

CVE-2023-23601

URL being dragged from cross-origin iframe into same tab triggers navigation

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 109.0
MozillaFirefox ESR Version < 102.7
MozillaThunderbird Version < 102.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.264
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://www.mozilla.org/security/advisories/mfsa2023-01/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-02/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2023-03/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1794268
Vendor Advisory
Issue Tracking
Permissions Required