CVE-2023-4579

EUVD-2023-54433
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
< 117.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
133.0.3-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
bionic
ignored
focal
Fixed 117.0+build2-0ubuntu0.20.04.1
released
jammy
not-affected
lunar
ignored
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
ignored
mozjs102
bionic
dne
focal
dne
jammy
ignored
lunar
ignored
mantic
ignored
noble
ignored
trusty
dne
xenial
dne
mozjs38
bionic
ignored
focal
dne
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
mozjs52
bionic
ignored
focal
ignored
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
mozjs68
bionic
dne
focal
ignored
jammy
dne
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
mozjs78
bionic
dne
focal
dne
jammy
ignored
lunar
ignored
mantic
dne
noble
dne
trusty
dne
xenial
dne
mozjs91
bionic
dne
focal
dne
jammy
ignored
lunar
dne
mantic
dne
noble
dne
trusty
dne
xenial
dne
thunderbird
bionic
ignored
focal
not-affected
jammy
not-affected
lunar
ignored
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
ignored
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1842766
https://security.gentoo.org/glsa/202401-10
https://www.mozilla.org/security/advisories/mfsa2023-34/
https://bugzilla.mozilla.org/show_bug.cgi?id=1842766
https://security.gentoo.org/glsa/202401-10
https://www.mozilla.org/security/advisories/mfsa2023-34/