Main Vulnerability Database Vulnerabilities #VU77945

#VU77945 Security features bypass in Mozilla Firefox and Firefox for Android - CVE-2023-3482

Published: July 4, 2023

Vulnerability identifier: #VU77945

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-3482

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when Firefox is configured to block storage of all cookies. It is still possible to store data in localstorage by using an iframe with a source of 'about:blank'. A remote attacker can abuse such behavior to store tracking data without victim's permission.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/

#VU77945 Security features bypass in Mozilla Firefox and Firefox for Android - CVE-2023-3482

Description

Remediation

External links

Please verify you're human