FKIE_CVE-2023-4579

Vulnerability from fkie_nvd - Published: 2023-09-11 09:15 - Updated: 2024-11-21 08:35
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.
References
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=1842766Issue Tracking, Permissions Required
security@mozilla.orghttps://security.gentoo.org/glsa/202401-10
security@mozilla.orghttps://www.mozilla.org/security/advisories/mfsa2023-34/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=1842766Issue Tracking, Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202401-10
af854a3a-2127-422b-91ae-364da2661108https://www.mozilla.org/security/advisories/mfsa2023-34/Vendor Advisory
Impacted products
Vendor Product Version
mozilla firefox *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97397EB0-B9CD-4C1F-B2DC-92F03D4DC61B",
              "versionEndExcluding": "117.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox \u003c 117."
    },
    {
      "lang": "es",
      "value": "Las consultas de b\u00fasqueda en el motor de b\u00fasqueda predeterminado podr\u00edan parecer haber sido la URL navegada actualmente si la consulta de b\u00fasqueda en s\u00ed fuera una URL bien formada. Esto podr\u00eda haber llevado a que un sitio suplantara a otro si se hubiera configurado maliciosamente como motor de b\u00fasqueda predeterminado. Esta vulnerabilidad afecta a Firefox \u0026lt; 117."
    }
  ],
  "id": "CVE-2023-4579",
  "lastModified": "2024-11-21T08:35:28.300",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-11T09:15:09.407",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842766"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://security.gentoo.org/glsa/202401-10"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-34/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-34/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.