gsd - gsd-2024-0953

gsd-2024-0953

Vulnerability from gsd

Modified

2024-01-27 06:03

Details

When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.

Aliases

CVE-2024-0953

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-0953"
      ],
      "details": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content.",
      "id": "GSD-2024-0953",
      "modified": "2024-01-27T06:03:13.637055Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2024-0953",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox for iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Firefox for iOS"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Lohith Gowda M"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:iphone_os:*:*",
                    "matchCriteriaId": "5D349D4F-3951-44D3-8891-3334DE563FDA",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content."
          },
          {
            "lang": "es",
            "value": "Cuando un usuario escanea un c\u00f3digo QR con la funci\u00f3n Esc\u00e1ner de c\u00f3digo QR, no se le pregunta al usuario antes de navegar a la p\u00e1gina especificada en el c\u00f3digo. Esto puede sorprender al usuario y potencialmente dirigirlo a contenido no deseado."
          }
        ],
        "id": "CVE-2024-0953",
        "lastModified": "2024-02-09T16:38:45.380",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2024-02-05T17:15:09.320",
        "references": [
          {
            "source": "security@mozilla.org",
            "tags": [
              "Exploit",
              "Issue Tracking"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
          }
        ],
        "sourceIdentifier": "security@mozilla.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-601"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

cve-2024-0953

Vulnerability from cvelistv5

Published

2024-02-05 16:48

Modified

2024-10-27 22:12

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

▼	URL	Tags
	https://bugzilla.mozilla.org/show_bug.cgi?id=1837916
	https://www.mozilla.org/security/advisories/mfsa2024-36/

Impacted products

▼	Vendor	Product
	Mozilla	Firefox for iOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-0953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-05T20:24:03.153967Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-601",
                "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-27T22:12:29.342Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:26:28.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox for iOS",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "129",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lohith Gowda M"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129."
            }
          ],
          "value": "When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code.  This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS \u003c 129."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "QR Code Scanner does not prompt before navigating user",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T15:55:14.502Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837916"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2024-36/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2024-0953",
    "datePublished": "2024-02-05T16:48:33.899Z",
    "dateReserved": "2024-01-26T16:12:18.955Z",
    "dateUpdated": "2024-10-27T22:12:29.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted