{"api_version":"1","generated_at":"2026-04-23T00:40:53+00:00","cve":"CVE-2023-37204","urls":{"html":"https://cve.report/CVE-2023-37204","api":"https://cve.report/api/cve/CVE-2023-37204.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-37204","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-37204"},"summary":{"title":"CVE-2023-37204","description":"A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2023-07-05 10:15:00","updated_at":"2024-01-07 11:15:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-22/","name":"https://www.mozilla.org/security/advisories/mfsa2023-22/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Firefox 115 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1832195","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1832195","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202401-10","name":"https://security.gentoo.org/glsa/202401-10","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-37204","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37204","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"37204","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-37204","qid":"199447","title":"Ubuntu Security Notification for Firefox Vulnerabilities (USN-6201-1)"},{"cve":"CVE-2023-37204","qid":"356892","title":"Amazon Linux Security Advisory for firefox : ALAS2FIREFOX-2023-017"},{"cve":"CVE-2023-37204","qid":"378630","title":"Mozilla Firefox Multiple Vulnerabilities (MFSA2023-22)"},{"cve":"CVE-2023-37204","qid":"503457","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2023-37204","qid":"506065","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2023-37204","qid":"710830","title":"Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202401-10)"},{"cve":"CVE-2023-37204","qid":"754172","title":"SUSE Enterprise Linux Security Update for MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2023:2850-1)"},{"cve":"CVE-2023-37204","qid":"754173","title":"SUSE Enterprise Linux Security Update for MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2023:2849-1)"},{"cve":"CVE-2023-37204","qid":"754193","title":"SUSE Enterprise Linux Security Update for MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2023:2886-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-37204","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Fullscreen notification obscured via option element"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"115"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1832195","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1832195"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-22/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-22/"}]},"credits":[{"lang":"en","value":"Irvan Kurniawan"}]},"nvd":{"publishedDate":"2023-07-05 10:15:00","lastModifiedDate":"2024-01-07 11:15:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"115.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}