{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4579", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2023-08-29T03:36:51.046Z", "datePublished": "2023-09-11T08:01:28.695Z", "dateUpdated": "2024-08-02T07:31:06.614Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "117", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117."}]}], "problemTypes": [{"descriptions": [{"description": "Persisted search terms were formatted as URLs", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842766"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/"}, {"url": "https://security.gentoo.org/glsa/202401-10"}], "credits": [{"lang": "en", "value": "Malte J\u00fcrgens"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-09-11T08:01:28.695Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:31:06.614Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842766", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-10", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "97397EB0-B9CD-4C1F-B2DC-92F03D4DC61B", "versionEndExcluding": "117.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117."}, {"lang": "es", "value": "Las consultas de b\u00fasqueda en el motor de b\u00fasqueda predeterminado podr\u00edan parecer haber sido la URL navegada actualmente si la consulta de b\u00fasqueda en s\u00ed fuera una URL bien formada. Esto podr\u00eda haber llevado a que un sitio suplantara a otro si se hubiera configurado maliciosamente como motor de b\u00fasqueda predeterminado. Esta vulnerabilidad afecta a Firefox &lt; 117."}], "id": "CVE-2023-4579", "lastModified": "2024-01-07T11:15:13.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-11T09:15:09.407", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842766"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/202401-10"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-34/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}