Severity
Medium
Analysis Summary
CVE-2023-5758 CVSS:6.5
Mozilla Firefox for iOS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when opening a page in reader mode. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-5732 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by the creation of a malicious link using bidirectional characters. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the location in the address bar when visited.
CVE-2023-5731 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-5730 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2023-5729 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by obscuring the full screen notification by using WebAuthn prompts. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2023-5728 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by improper object tracking during garbage collection (GC) in the JavaScript engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2023-5727 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to present the executable file warning when downloading .msix, .msixbundle, .appx, and .appxbundle files. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass download protections.
CVE-2023-5726 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct spoofing attacks, caused by obscuring the full screen notification by using the file open dialog. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2023-5725 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the use of a malicious installed WebExtension to open arbitrary URLs. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to collect sensitive user data.
CVE-2023-5724 CVSS:6.5
Mozilla Firefox is vulnerable to a denial of service, caused by extremely large WebGL draw calls. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to cause the browser to crash.
CVE-2023-5723 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by setting a cookie containing invalid characters using document.cookie. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5722 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a cross-origin size and header leakage. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to learn the size of an opaque response, as well as the contents of a server-supplied Vary header.
CVE-2023-5721 CVSS:6.5
Mozilla Firefox could allow a remote attacker to conduct a clickjacking attack, caused by an insufficient activation delay. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to hijack the clicking actions of another user.
Impact
- Denial of Service
- Cross-Site Scripting
- Information Theft
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-5758
- CVE-2023-5732
- CVE-2023-5731
- CVE-2023-5730
- CVE-2023-5729
- CVE-2023-5728
- CVE-2023-5727
- CVE-2023-5726
- CVE-2023-5725
- CVE-2023-5724
- CVE-2023-5723
- CVE-2023-5722
- CVE-2023-5721
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox for iOS 118
- Mozilla Firefox ESR 115.3
- Mozilla Thunderbird 115.3
- Mozilla Firefox 118
Remediation
Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.