OpenCVE

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox Firefox Focus

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::android::*
	cpe:2.3:a:mozilla:firefox_focus::::::android::*

No data.

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1816007
https://bugzilla.mozilla.org/show_bug.cgi?id=1816059
https://bugzilla.mozilla.org/show_bug.cgi?id=1821155
https://bugzilla.mozilla.org/show_bug.cgi?id=1821576
https://bugzilla.mozilla.org/show_bug.cgi?id=1821906
https://bugzilla.mozilla.org/show_bug.cgi?id=1822298
https://bugzilla.mozilla.org/show_bug.cgi?id=1822305
https://www.mozilla.org/security/advisories/mfsa2023-13/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2023-06-19T10:11:00.470Z

Updated: 2024-08-02T14:14:38.902Z

Reserved: 2023-04-07T19:49:37.876Z

Link: CVE-2023-29534

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-19T11:15:09.797

Modified: 2024-11-21T07:57:15.000

Link: CVE-2023-29534

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29534", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2023-04-07T19:49:37.876Z", "datePublished": "2023-06-19T10:11:00.470Z", "dateUpdated": "2024-08-02T14:14:38.902Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Firefox for Android", "vendor": "Mozilla", "versions": [{"lessThan": "112", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Focus for Android", "vendor": "Mozilla", "versions": [{"lessThan": "112", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "user": "00000000-0000-4000-9000-000000000000", "value": "Shaheen Fazim and Hafiizh"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks.</p><p>*This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.</p>"}], "value": "Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks.\n\n*This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.\n\n"}], "problemTypes": [{"descriptions": [{"description": "Fullscreen notification could have been obscured on Firefox for Android", "lang": "en"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-06-19T10:11:39.891Z"}, "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816007"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816059"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821155"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821576"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821906"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822298"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822305"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:14:38.902Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816007", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816059", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821155", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821576", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821906", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822298", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822305", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*", "matchCriteriaId": "216F0EFA-865A-45F5-B50F-B734312ED45D", "versionEndExcluding": "112.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:android:*:*", "matchCriteriaId": "D34FE946-8097-46DD-B902-6E93F45D4E2E", "versionEndExcluding": "112.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks.\n\n*This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.\n\n"}], "id": "CVE-2023-29534", "lastModified": "2024-11-21T07:57:15.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-19T11:15:09.797", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816007"}, {"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816059"}, {"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821155"}, {"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821576"}, {"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821906"}, {"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822298"}, {"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822305"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821576"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1821906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822298"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1822305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}