V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
BDU:2023-02677
BDU
Medium

Уязвимость метода window.open браузеров Mozilla Firefox, Focus for Android, Mozilla Firefox ESR и почтового клиента Thunderbird связана с о…

CVSS
5.4
Medium
EPSS
0.00
p0
Published
2023-01-01
Updated
2023-01-01
Description

Уязвимость метода window.open браузеров Mozilla Firefox, Focus for Android, Mozilla Firefox ESR и почтового клиента Thunderbird связана с ошибками представления информации пользовательским интерфейсом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, скрыть полноэкранные уведомления и осуществить спуфинг-атаку

Tags · CWE
Pre-auth
Affected products
Mozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. FirefoxMozilla corp. Firefox esrMozilla corp. Firefox esrMozilla corp. Firefox esrMozilla corp. Firefox esrMozilla corp. Firefox esrMozilla corp. Firefox esr
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Timeline
2023-01-01
Published
2023-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: R
Required (R)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: L
Low (L)
Availability Impact
A: L
Low (L)
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Mozilla
FirefoxThunderbirdFirefox EsrFocus
ProductVendorStatus
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefoxmozilla corp.Tracked
firefox esrmozilla corp.Tracked
firefox esrmozilla corp.Tracked
firefox esrmozilla corp.Tracked
firefox esrmozilla corp.Tracked
firefox esrmozilla corp.Tracked
firefox esrmozilla corp.Tracked
Showing first 20 of 56
Source databases
BDU
Related vulnerabilities
CVE-2023-29533
External references
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29533@https://www.mozilla.org/security/advisories/mfsa2023-13.html@https://www.mozilla.org/security/advisories/mfsa2023-14.html@https://www.mozilla.org/security/advisories/mfsa2023-15.html@https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-firefox-cve-2023-1945-cve-2023-29531-cve-2023-29532-cve-2023-29533-cve-20/@https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/@https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/@https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/@https://ubuntu.com/security/notices/USN-6015-1@https://security-tracker.debian.org/tracker/CVE-2023-29533@https://developer.mozilla.org/en-US/docs/Web/API/Window/open@https://altsp.su/obnovleniya-bezopasnosti/@https://altsp.su/obnovleniya-bezopasnosti/@https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/@https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-0416SE47@https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17@https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16