HTML Template Injection Vulnerability in Firefox for iOS by Mozilla
CVE-2023-49061

6.1MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox for iOS
Vendor: CVE Published:; 21 November 2023

What is CVE-2023-49061?

A vulnerability has been identified in Firefox for iOS that allows an attacker to exploit HTML template injection through Reader Mode. This can lead to unauthorized access to user information, potentially compromising sensitive data. Users of Firefox for iOS versions prior to 120 are particularly at risk. Ensuring your browser is updated is recommended to mitigate exposure to this security issue.

Affected Version(s)

Firefox for iOS < 120

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1861420

https://www.mozilla.org/security/advisories/mfsa2023-51/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2023
Vulnerability Reserved
Nov 20, 2023

Credit

Muneaki Nishimura