CVE-2023-5726 - Vulnerability Details

Vendors	Products
Apple	Macos
Mozilla	Firefox Firefox Esr Thunderbird

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1846205
https://nvd.nist.gov/vuln/detail/CVE-2023-5726
https://www.cve.org/CVERecord?id=CVE-2023-5726
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5726
https://www.mozilla.org/security/advisories/mfsa2023-45/
https://www.mozilla.org/security/advisories/mfsa2023-46/
https://www.mozilla.org/security/advisories/mfsa2023-47/

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5726", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2023-10-23T17:22:05.596Z", "datePublished": "2023-10-24T12:47:12.536Z", "dateUpdated": "2024-09-11T18:53:48.932Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "119", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "115.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "115.4.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. \n*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. <br>*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1."}]}], "problemTypes": [{"descriptions": [{"description": "Full screen notification obscured by file open dialog on macOS", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846205"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-45/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-46/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-47/"}], "credits": [{"lang": "en", "value": "Edgar Chen and Hafiizh"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-10-24T21:06:49.458Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:07:32.716Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846205", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T18:53:41.235280Z", "id": "CVE-2023-5726", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T18:53:48.932Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-5726 (string)

assignerOrgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

state : PUBLISHED (string)

assignerShortName : mozilla (string)

dateReserved : 2023-10-23T17:22:05.596Z (string)

datePublished : 2023-10-24T12:47:12.536Z (string)

dateUpdated : 2024-09-11T18:53:48.932Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

product : Firefox (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 119 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

1 : { »

product : Firefox ESR (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 115.4 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

2 : { »

product : Thunderbird (string)

vendor : Mozilla (string)

versions : [ »

0 : { »

lessThan : 115.4.1 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

base64 : false (boolean)

value : A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. <br>*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Full screen notification obscured by file open dialog on macOS (string)

lang : en (string)

type : text (string)

}

]

}

]

references : [ »

0 : { »

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 (string)

}

1 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-45/ (string)

}

2 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-46/ (string)

}

3 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-47/ (string)

}

]

credits : [ »

0 : { »

lang : en (string)

value : Edgar Chen and Hafiizh (string)

}

]

providerMetadata : { »

orgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

shortName : mozilla (string)

dateUpdated : 2023-10-24T21:06:49.458Z (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T08:07:32.716Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-45/ (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-46/ (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-47/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-09-11T18:53:41.235280Z (string)

id : CVE-2023-5726 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T18:53:48.932Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846205", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:07:32.716Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5726", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-11T18:53:41.235280Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T18:53:44.881Z"}}], "cna": {"credits": [{"lang": "en", "value": "Edgar Chen and Hafiizh"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "119", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "115.4", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "115.4.1", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846205"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-45/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-46/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-47/"}], "descriptions": [{"lang": "en", "value": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. \n*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.", "supportingMedia": [{"type": "text/html", "value": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. <br>*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Full screen notification obscured by file open dialog on macOS"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-10-24T21:06:49.458Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5726", "state": "PUBLISHED", "dateUpdated": "2024-09-11T18:53:48.932Z", "dateReserved": "2023-10-23T17:22:05.596Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2023-10-24T12:47:12.536Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-45/ (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-46/ (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-47/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T08:07:32.716Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-5726 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-11T18:53:41.235280Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-11T18:53:44.881Z (string)

}

]

cna : { »

credits : [ »

0 : { »

lang : en (string)

value : Edgar Chen and Hafiizh (string)

}

]

affected : [ »

0 : { »

vendor : Mozilla (string)

product : Firefox (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 119 (string)

versionType : custom (string)

}

]

}

1 : { »

vendor : Mozilla (string)

product : Firefox ESR (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 115.4 (string)

versionType : custom (string)

}

]

}

2 : { »

vendor : Mozilla (string)

product : Thunderbird (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 115.4.1 (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 (string)

}

1 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-45/ (string)

}

2 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-46/ (string)

}

3 : { »

url : https://www.mozilla.org/security/advisories/mfsa2023-47/ (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. <br>*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : Full screen notification obscured by file open dialog on macOS (string)

}

]

}

]

providerMetadata : { »

orgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

shortName : mozilla (string)

dateUpdated : 2023-10-24T21:06:49.458Z (string)

}

cveMetadata : { »

cveId : CVE-2023-5726 (string)

state : PUBLISHED (string)

dateUpdated : 2024-09-11T18:53:48.932Z (string)

dateReserved : 2023-10-23T17:22:05.596Z (string)

assignerOrgId : f16b083a-5664-49f3-a51e-8d479e5ed7fe (string)

datePublished : 2023-10-24T12:47:12.536Z (string)

assignerShortName : mozilla (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4", "versionEndExcluding": "119.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E", "versionEndExcluding": "115.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2", "versionEndExcluding": "115.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. \n*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1."}, {"lang": "es", "value": "Un sitio web podr\u00eda haber oscurecido la notificaci\u00f3n de pantalla completa utilizando el cuadro de di\u00e1logo de apertura de archivo. Esto podr\u00eda haber generado confusi\u00f3n en los usuarios y posibles ataques de suplantaci\u00f3n de identidad. *Nota: Este problema solo afect\u00f3 a los sistemas operativos macOS. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox &lt; 119, Firefox ESR &lt; 115.4 y Thunderbird &lt; 115.4.1."}], "id": "CVE-2023-5726", "lastModified": "2024-11-21T08:42:22.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-25T18:17:44.213", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846205"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CEB4CF7F-BEB2-4B06-962E-88A3995F19D4 (string)

versionEndExcluding : 119.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 824ABA9E-88FF-4933-BBD8-2BFFF914739E (string)

versionEndExcluding : 115.4 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B50AE0E-325C-422E-8622-7A479CB51DF2 (string)

versionEndExcluding : 115.4.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 387021A0-AF36-463C-A605-32EA7DAC172E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (string)

}

1 : { »

lang : es (string)

value : Un sitio web podría haber oscurecido la notificación de pantalla completa utilizando el cuadro de diálogo de apertura de archivo. Esto podría haber generado confusión en los usuarios y posibles ataques de suplantación de identidad. *Nota: Este problema solo afectó a los sistemas operativos macOS. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1. (string)

}

]

id : CVE-2023-5726 (string)

lastModified : 2024-11-21T08:42:22.020 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-10-25T18:17:44.213 (string)

references : [ »

0 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 (string)

}

1 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-45/ (string)

}

2 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-46/ (string)

}

3 : { »

source : security@mozilla.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-47/ (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Vendor Advisory (string)

]

url : https://bugzilla.mozilla.org/show_bug.cgi?id=1846205 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-45/ (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-46/ (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.mozilla.org/security/advisories/mfsa2023-47/ (string)

}

]

sourceIdentifier : security@mozilla.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Edgar Chen and Hafiizh as the original reporter.", "bugzilla": {"description": "Mozilla: Full screen notification obscured by file open dialog on macOS", "id": "2245901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245901"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-356", "details": ["A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. \n*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.", "The Mozilla Foundation Security Advisory describes this flaw as:\nA website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.\n*Note: This issue only affected macOS operating systems. Other operating systems are unaffected.*"], "name": "CVE-2023-5726", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-10-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5726\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5726\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5726"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{

acknowledgement : Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Edgar Chen and Hafiizh as the original reporter. (string)

bugzilla : { »

description : Mozilla: Full screen notification obscured by file open dialog on macOS (string)

id : 2245901 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2245901 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 6.1 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

status : draft (string)

}

cwe : CWE-356 (string)

details : [ »

0 : A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. (string)

1 : The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* (string)

]

name : CVE-2023-5726 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)