Rewterz Threat Advisory – Multiple Cisco Webex Meetings Vulnerabilities
July 6, 2023Rewterz Threat Advisory – CVE-2023-20210 – Cisco BroadWorks Vulnerability
July 6, 2023Rewterz Threat Advisory – Multiple Cisco Webex Meetings Vulnerabilities
July 6, 2023Rewterz Threat Advisory – CVE-2023-20210 – Cisco BroadWorks Vulnerability
July 6, 2023Severity
High
Analysis Summary
CVE-2023-37210 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by preventing a user from exiting full-screen mode using alert and prompt calls. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2023-37209 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in in NotifyOnHistoryReload. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-37205 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the use of RTL Arabic characters in the address bar. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL.
CVE-2023-37204 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the obscuring of the fullscreen notification using an option element. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2023-3482 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the storing of data in localstorage by using an iframe with a source of ‘about:blank’. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to store tracking data without permission.
CVE-2023-37207 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the obscuring of the fullscreen notification. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2023-37211 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-37203 CVSS:7.8
Mozilla FireFox could allow a remote attacker to execute arbitrary code on the system, caused by insufficient validation in the Drag and Drop API. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-37206 CVSS:6.5
Mozilla FireFox could allow a remote attacker to launch a symlink attack, caused by insufficient validation of symlinks in the FileSystem API. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to submit sensitive data.
CVE-2023-37208 CVSS:7.8
Mozilla FireFox could allow a remote attacker to execute arbitrary code on the system, caused by lack of warning when opening Diagcab files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system.
CVE-2023-37212 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Code Execution
- Information Disclosure
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-37210
- CVE-2023-37209
- CVE-2023-37205
- CVE-2023-37204
- CVE-2023-3482
- CVE-2023-37207
- CVE-2023-37211
- CVE-2023-37203
- CVE-2023-37206
- CVE-2023-37208
- CVE-2023-37212
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox 114
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.