Fullscreen Notification Obfuscation in Firefox and Focus for Android
CVE-2023-29534

9.1CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox For Android; Focus For Android
Vendor: CVE Published:; 19 June 2023

Summary

This vulnerability involves various techniques that could obscure the fullscreen notification in the Firefox browser and Focus app for Android. Such obfuscation can result in potential user confusion, making them susceptible to spoofing attacks. It specifically affects versions of Firefox for Android and Focus for Android that are below version 112, posing risks as users may misinterpret the legitimacy of notifications presented to them.

Affected Version(s)

Firefox for Android < 112

Focus for Android < 112

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1816007

https://bugzilla.mozilla.org/show_bug.cgi?id=1816059

https://bugzilla.mozilla.org/show_bug.cgi?id=1821155

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2023
Vulnerability Reserved
Apr 7, 2023

Credit

Shaheen Fazim and Hafiizh