PT-2023-2073 · Mozilla+3 · Firefox For Android+3

Hafiizh · Published 2023-03-14 · Updated 2025-01-09 · CVE-2023-25748

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Firefox for Android versions prior to 111

Description

The issue is in the fullscreen notification mode of Firefox for Android: there are no warnings about potentially dangerous actions when prompt windows are loaded. A remote attacker can hide the fullscreen notification by using a prompt with a long description, which can lead to user confusion or spoofing attacks.

Recommendations

For Firefox for Android versions prior to 111, update to version 111 or later to resolve the issue. As a temporary workaround, consider avoiding the use of fullscreen notifications with long descriptions to minimize the risk of exploitation.

Exploit

Fix

Clickjacking

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1443
ALT-PU-2023-1817
ALT-PU-2023-5202
BDU:2023-01806
CVE-2023-25748
OPENSUSE-SU-2024:12839-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2023:0728-1
SUSE-SU-2023:0763-1
SUSE-SU-2023:0835-1
SUSE-SU-2023_0728-1
SUSE-SU-2023_0763-1
SUSE-SU-2023_0835-1

Affected Products

Alt Linux
Astra Linux
Firefox For Android
Suse