Upstream information
Description
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4.3 |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
National Vulnerability Database | |
---|---|
Base Score | 4.3 |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | Required |
Scope | Unchanged |
Confidentiality Impact | None |
Integrity Impact | Low |
Availability Impact | None |
CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2024:14572-1, published Fri Dec 13 18:51:22 2024
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-10600 openSUSE-Tumbleweed-2024-14572 |
SUSE Timeline for this CVE
CVE page created: Wed Dec 9 09:05:01 2020CVE page last modified: Fri Dec 13 19:59:26 2024