Main Vulnerability Database Vulnerabilities #VU77945

Security features bypass in Mozilla Firefox and Firefox for Android - CVE-2023-3482

Published: July 4, 2023

Vulnerability identifier: #VU77945

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-3482

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox
Firefox for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when Firefox is configured to block storage of all cookies. It is still possible to store data in localstorage by using an iframe with a source of 'about:blank'. A remote attacker can abuse such behavior to store tracking data without victim's permission.

How to mitigate CVE-2023-3482

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/

Security features bypass in Mozilla Firefox and Firefox for Android - CVE-2023-3482

Detailed vulnerability description

How to mitigate CVE-2023-3482

Sources

Please verify you're human