Insufficient UI Warning of Dangerous Operations in Firefox for iOS - CVE-2023-37455
Published: July 11, 2023
Vulnerability identifier: #VU78058
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-37455
CWE-ID: CWE-357
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Firefox for iOS
Firefox for iOS
Detailed vulnerability description
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to the media permission request prompt from the site in the background tab is overlaid on top of the site in the foreground tab. A remote attacker can perform spoofing attack.
How to mitigate CVE-2023-37455
Install updates from vendor's website.