Permission Request Prompt Overlay Vulnerability in Firefox for iOS
CVE-2023-37455

5.4MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox For iOS
Vendor: CVE Published:; 12 July 2023

Summary

A vulnerability exists in Firefox for iOS that allows for a permission request prompt to be displayed over an existing website in a different tab. This may confuse users as they could mistakenly believe they are interacting with the site in the foreground, leading to potential security risks. Affected versions include Firefox for iOS prior to version 115, highlighting the importance of keeping software updated to mitigate such risks.

Affected Version(s)

Firefox for iOS < 115

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1786934

https://www.mozilla.org/security/advisories/mfsa2023-25/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2023
Vulnerability Reserved
Jul 6, 2023

Credit

Kazuki Nomoto