PT-2023-1690 · Mozilla+8 · Firefox+10

Hafiizh

·

Published

2023-02-14

·

Updated

2024-12-12

·

CVE-2023-25743

CVSS v2.0

7.6

High

VectorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 110 Firefox ESR versions prior to 102.8 Firefox Focus (affected versions not specified)
Description The issue is related to a lack of in-app notification for entering fullscreen mode, which could allow a malicious website to spoof browser chrome. This could enable a remote attacker to conduct spoofing attacks.
Recommendations For Firefox versions prior to 110, update to version 110 or later. For Firefox ESR versions prior to 102.8, update to version 102.8 or later. For Firefox Focus, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-290CWE-357

Related Identifiers

ALSA-2023:0808
ALSA-2023:0810
ALSA-2023:0821
ALSA-2023:0824
ALT-PU-2023-1387
ALT-PU-2023-1478
BDU:2023-01261
CESA-2023_0808
CESA-2023_0812
CESA-2023_0817
CESA-2023_0821
CVE-2023-25743
OPENSUSE-SU-2023_0461-1
OPENSUSE-SU-2024:12702-1
OPENSUSE-SU-2024:12753-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:0805
RHSA-2023:0806
RHSA-2023:0807
RHSA-2023:0808
RHSA-2023:0809
RHSA-2023:0810
RHSA-2023:0811
RHSA-2023:0812
RHSA-2023:0817
RHSA-2023:0818
RHSA-2023:0819
RHSA-2023:0820
RHSA-2023:0821
RHSA-2023:0822
RHSA-2023:0823
RHSA-2023:0824
RHSA-2023_0808
RHSA-2023_0810
RHSA-2023_0812
RHSA-2023_0817
RHSA-2023_0821
RHSA-2023_0824
RLSA-2023:0808
RLSA-2023:0810
RLSA-2023:0821
RLSA-2023:0824
SUSE-SU-2023:0461-1
SUSE-SU-2023:0466-1
SUSE-SU-2023:0469-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Firefox Focus
Red Hat
Red Os
Rocky Linux
Suse