Mozilla Fixes Partial Obscuration of Security Prompts Vulnerability in Firefox
CVE-2024-7523

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 6 August 2024

Summary

A vulnerability in Firefox for Android allows a malicious website to partially obscure security prompts, potentially tricking users into unintentionally granting permissions. This issue specifically impacts versions of Firefox below 129, compromising user security and privacy by enabling attackers to manipulate how permissions are presented to users.

Affected Version(s)

Firefox < 129

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1908344

https://www.mozilla.org/security/advisories/mfsa2024-33/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Aug 5, 2024

Credit

Shaheen Fazim