Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Cisco Webex Meetings Vulnerabilities
July 6, 2023
Rewterz
Rewterz Threat Advisory – CVE-2023-20210 – Cisco BroadWorks Vulnerability
July 6, 2023

Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-37210 CVSS:6.5

Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by preventing a user from exiting full-screen mode using alert and prompt calls. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.

CVE-2023-37209 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in in NotifyOnHistoryReload. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2023-37205 CVSS:6.5

Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the use of RTL Arabic characters in the address bar. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL.

CVE-2023-37204 CVSS:6.5

Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the obscuring of the fullscreen notification using an option element. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.

CVE-2023-3482 CVSS:6.5

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the storing of data in localstorage by using an iframe with a source of ‘about:blank’. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to store tracking data without permission.

CVE-2023-37207 CVSS:6.5

Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the obscuring of the fullscreen notification. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.

CVE-2023-37211 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2023-37203 CVSS:7.8

Mozilla FireFox could allow a remote attacker to execute arbitrary code on the system, caused by insufficient validation in the Drag and Drop API. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2023-37206 CVSS:6.5

Mozilla FireFox could allow a remote attacker to launch a symlink attack, caused by insufficient validation of symlinks in the FileSystem API. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to submit sensitive data.

CVE-2023-37208 CVSS:7.8

Mozilla FireFox could allow a remote attacker to execute arbitrary code on the system, caused by lack of warning when opening Diagcab files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system.

CVE-2023-37212 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

  • Code Execution
  • Information Disclosure
  • Gain Access

Indicators Of Compromise

CVE

  • CVE-2023-37210
  • CVE-2023-37209
  • CVE-2023-37205
  • CVE-2023-37204
  • CVE-2023-3482
  • CVE-2023-37207
  • CVE-2023-37211
  • CVE-2023-37203
  • CVE-2023-37206
  • CVE-2023-37208
  • CVE-2023-37212

Affected Vendors

Mozilla

Affected Products

  • Mozilla Firefox 114

Remediation

Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.

Mozilla Foundation Security Advisory