Main Vulnerability Database Vulnerabilities #VU72249

#VU72249 Spoofing attack in Mozilla Firefox and Firefox ESR - CVE-2023-25730

Published: February 15, 2023

Vulnerability identifier: #VU72249

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-25730

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox ESR

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the possibility of screen hijacking. A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/

#VU72249 Spoofing attack in Mozilla Firefox and Firefox ESR - CVE-2023-25730

Description

Remediation

External links

Please verify you're human