CVE-2023-37207

EPSS 0.38%
Veröffentlicht 05.07.2023 09:15:09
Zuletzt bearbeitet 21.11.2024 08:11:11
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 115.0

Mozilla ≫ Firefox ESR Version < 102.13

Mozilla ≫ Thunderbird Version < 102.13

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Debian ≫ Debian Linux Version12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.591

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html

https://www.debian.org/security/2023/dsa-5450

Third Party Advisory

https://www.debian.org/security/2023/dsa-5451

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2023-22/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2023-23/

Vendor Advisory