CVE-2023-29540

CVSS v3.1 6.1 (Medium)

EPSS 0.08 % (33^th)

Affected Products 2

Advisories 3

Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

Weaknesses

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-06-02 17:15:12
(15 months ago)
Updated Date: 2023-06-09 03:56:51
(15 months ago)

Affected Products

Mozilla

Firefox
Focus

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 112.0 version	cpe:2.3:a:mozilla:firefox	< 112.0
Mozilla Firefox for Android prior 112.0 version	cpe:2.3:a:mozilla:firefox::::::android	< 112.0
Mozilla Focus for Android prior 112.0 version	cpe:2.3:a:mozilla:focus::::::android	< 112.0