PT-2023-8011 · Mozilla+2 · Firefox+3

Hafiizh

Published

2023-12-19

Updated

2024-12-27

CVE-2023-6870

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 121 Firefox Focus versions prior to 121

Description The issue is related to errors in handling fullscreen notifications in Mozilla Firefox and Firefox Focus for Android. It may allow a remote attacker to impact data integrity. Applications that generate a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. This problem only affects Android versions of Firefox and Firefox Focus.

Recommendations For Firefox versions prior to 121, update to version 121 or later to resolve the issue. For Firefox Focus versions prior to 121, update to version 121 or later to resolve the issue. As a temporary workaround, consider restricting the use of background threads that spawn Toast notifications to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-357

Related Identifiers

ALT-PU-2023-8231

ALT-PU-2024-15839

BDU:2023-09126

CVE-2023-6870

OPENSUSE-SU-2024:13531-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Astra Linux

Firefox

Firefox Focus

PT-2023-8011 · Mozilla+2 · Firefox+3

CVE-2023-6870

Weakness Enumeration

Related Identifiers

Affected Products

References · 2356