Improper access control in Firefox for Android - CVE-2023-25749

 


Published: March 14, 2023


Vulnerability identifier: #VU73677
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-25749
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Firefox for Android
Software vendor: Mozilla

Description

The vulnerability allows a remote attacker to execute arbitrary applications on the device.

The vulnerability exists due to improper access restrictions when using intents. A remote attacker can trick the victim into visiting a specially crafted website and launch arbitrary installed applications on the device from the browser without any user prompt.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected device.


Remediation

Install updates from the vendor's website.
