Fullscreen Notification Obfuscation in Firefox and Focus for Android
CVE-2023-29534

9.1CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox For Android; Focus For Android
Vendor: CVE Published:; 19 June 2023

What is CVE-2023-29534?

This vulnerability involves various techniques that could obscure the fullscreen notification in the Firefox browser and Focus app for Android. Such obfuscation can result in potential user confusion, making them susceptible to spoofing attacks. It specifically affects versions of Firefox for Android and Focus for Android that are below version 112, posing risks as users may misinterpret the legitimacy of notifications presented to them.

Affected Version(s)

Firefox for Android < 112

Focus for Android < 112

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1816007

https://bugzilla.mozilla.org/show_bug.cgi?id=1816059

https://bugzilla.mozilla.org/show_bug.cgi?id=1821155

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2023
Vulnerability Reserved
Apr 7, 2023

Credit

Shaheen Fazim and Hafiizh

Mozilla

What is CVE-2023-29534?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit