PT-2023-6537 · Mozilla+2 · Thunderbird+4

Edgar Chen

+1

·

Published

2023-10-24

·

Updated

2024-12-27

·

CVE-2023-5726

CVSS v2.0

6.4

Medium

VectorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 119 Firefox ESR versions prior to 115.4 Thunderbird versions prior to 115.4.1
Description The issue is related to errors in presenting information to the user interface, resulting in the hiding of full-screen notifications. This could lead to user confusion and possible spoofing attacks. A website could obscure the full-screen notification by using the file open dialog. This issue only affects macOS operating systems, with other operating systems being unaffected.
Recommendations For Firefox versions prior to 119, update to version 119 or later to resolve the issue. For Firefox ESR versions prior to 115.4, update to version 115.4 or later to resolve the issue. For Thunderbird versions prior to 115.4.1, update to version 115.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the file open dialog in affected versions to minimize the risk of exploitation.

Fix

UI Misrepresentation of Critical Information

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-356CWE-451CWE-1021

Related Identifiers

ALT-PU-2023-6639
ALT-PU-2023-6856
ALT-PU-2023-6883
ALT-PU-2023-6908
ALT-PU-2024-15839
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4748
BDU:2023-07284
CVE-2023-5726
OPENSUSE-SU-2023_4214-1
OPENSUSE-SU-2023_4302-1
OPENSUSE-SU-2023_4551-1
OPENSUSE-SU-2024:13356-1
OPENSUSE-SU-2024:13385-1
OPENSUSE-SU-2024:13412-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2023:4212-1
SUSE-SU-2023:4213-1
SUSE-SU-2023:4214-1
SUSE-SU-2023:4302-1
SUSE-SU-2023:4532-1
SUSE-SU-2023:4533-1
SUSE-SU-2023:4551-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Suse
Thunderbird