PT-2023-8011 · Mozilla+2 · Firefox+3

Hafiizh

Publicado

2023-12-19

Atualizado

2024-12-27

CVE-2023-6870

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 121 Firefox Focus versions prior to 121

Description The issue is related to errors in handling fullscreen notifications in Mozilla Firefox and Firefox Focus for Android. It may allow a remote attacker to impact data integrity. Applications that generate a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. This problem only affects Android versions of Firefox and Firefox Focus.

Recommendations For Firefox versions prior to 121, update to version 121 or later to resolve the issue. For Firefox Focus versions prior to 121, update to version 121 or later to resolve the issue. As a temporary workaround, consider restricting the use of background threads that spawn Toast notifications to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-357

Identificadores relacionados

ALT-PU-2023-8231

ALT-PU-2024-15839

BDU:2023-09126

CVE-2023-6870

OPENSUSE-SU-2024:13531-1

OPENSUSE-SU-2024:14572-1

Produtos afetados

Alt Linux

Astra Linux

Firefox

Firefox Focus

PT-2023-8011 · Mozilla+2 · Firefox+3

CVE-2023-6870

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2356