CVE-2023-4579 (GCVE-0-2023-4579)
Vulnerability from cvelistv5 – Published: 2023-09-11 08:01 – Updated: 2025-02-13 17:14
VLAI?
Summary
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.
Severity ?
No CVSS data available.
CWE
- Persisted search terms were formatted as URLs
Assigner
References
Credits
Malte Jürgens
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842766"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:58.817052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:09:50.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "117",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Malte J\u00fcrgens"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox \u003c 117."
}
],
"value": "Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox \u003c 117."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Persisted search terms were formatted as URLs",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-07T11:07:05.826Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842766"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/"
},
{
"url": "https://security.gentoo.org/glsa/202401-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2023-4579",
"datePublished": "2023-09-11T08:01:28.695Z",
"dateReserved": "2023-08-29T03:36:51.046Z",
"dateUpdated": "2025-02-13T17:14:11.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"117.0\", \"matchCriteriaId\": \"97397EB0-B9CD-4C1F-B2DC-92F03D4DC61B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox \u003c 117.\"}, {\"lang\": \"es\", \"value\": \"Las consultas de b\\u00fasqueda en el motor de b\\u00fasqueda predeterminado podr\\u00edan parecer haber sido la URL navegada actualmente si la consulta de b\\u00fasqueda en s\\u00ed fuera una URL bien formada. Esto podr\\u00eda haber llevado a que un sitio suplantara a otro si se hubiera configurado maliciosamente como motor de b\\u00fasqueda predeterminado. Esta vulnerabilidad afecta a Firefox \u0026lt; 117.\"}]",
"id": "CVE-2023-4579",
"lastModified": "2024-11-21T08:35:28.300",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 3.1, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 1.4}]}",
"published": "2023-09-11T09:15:09.407",
"references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1842766\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\", \"source\": \"security@mozilla.org\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-34/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1842766\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-34/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-4579\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2023-09-11T09:15:09.407\",\"lastModified\":\"2024-11-21T08:35:28.300\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox \u003c 117.\"},{\"lang\":\"es\",\"value\":\"Las consultas de b\u00fasqueda en el motor de b\u00fasqueda predeterminado podr\u00edan parecer haber sido la URL navegada actualmente si la consulta de b\u00fasqueda en s\u00ed fuera una URL bien formada. Esto podr\u00eda haber llevado a que un sitio suplantara a otro si se hubiera configurado maliciosamente como motor de b\u00fasqueda predeterminado. Esta vulnerabilidad afecta a Firefox \u0026lt; 117.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"117.0\",\"matchCriteriaId\":\"97397EB0-B9CD-4C1F-B2DC-92F03D4DC61B\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1842766\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-34/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1842766\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-34/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1842766\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-34/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:31:06.614Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4579\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-11T17:51:58.817052Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-11T17:53:07.534Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Malte J\\u00fcrgens\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"117\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1842766\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-34/\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox \u003c 117.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox \u003c 117.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Persisted search terms were formatted as URLs\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2024-01-07T11:07:05.826Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-4579\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:14:11.060Z\", \"dateReserved\": \"2023-08-29T03:36:51.046Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2023-09-11T08:01:28.695Z\", \"assignerShortName\": \"mozilla\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}