Information Disclosure in Firefox for Android by Mozilla
CVE-2023-29546

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For Android; Focus For Android
Vendor: CVE Published:; 19 June 2023

What is CVE-2023-29546?

A vulnerability in Firefox for Android and Focus for Android allows for the leakage of sensitive information when users record their screen while in Private Browsing mode. Specifically, the address bar and keyboard are not hidden during screen recording, potentially exposing personal data to unauthorized viewers. This issue affects versions prior to 112 and has not been reported on other operating systems.

Affected Version(s)

Firefox for Android < 112

Focus for Android < 112

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1780842

https://www.mozilla.org/security/advisories/mfsa2023-13/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2023
Vulnerability Reserved
Apr 7, 2023

Credit

Irwan