Vulnerability CVE-2023-37204: Information

Description

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-37204
Published: July 5, 2023
Modified: Jan. 7, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus115.0-alt1127.0-alt1ALT-PU-2023-4102-1324292Fixed
firefoxsisyphus_riscv64115.0-alt0.1.rv64126.0-alt0.portALT-PU-2023-4218-1-Fixed
firefoxp10118.0.2-alt0.p10.1118.0.2-alt0.p10.1ALT-PU-2024-4241-4342418Fixed
firefoxp11115.0-alt1126.0.1-alt1ALT-PU-2023-4102-1324292Fixed
firefox-esrsisyphus115.2.1-alt1115.11.0-alt1ALT-PU-2023-5754-2329883Fixed
firefox-esrp10115.3.1-alt4115.11.0-alt1ALT-PU-2023-6436-2330014Fixed
firefox-esrc10f1115.8.0-alt0.c10.1115.9.1-alt0.c10.1ALT-PU-2024-3614-2340631Fixed
firefox-esrp11115.2.1-alt1115.11.0-alt1ALT-PU-2023-5754-2329883Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2023-22/
  • Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1832195
  • Issue Tracking
  • Permissions Required
https://security.gentoo.org/glsa/202401-10

      1. Configuration 1

        cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
        End excliding
        115.0
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top