CVE-2023-5729: Obscuring the Fullscreen Notification with WebAuthn Prompt in Firefox

Recently, it has come to our attention that a new vulnerability, dubbed CVE-2023-5729, is affecting Firefox < 119. This vulnerability allows a malicious website to enter fullscreen mode while simultaneously triggering a WebAuthn prompt, which could obscure the fullscreen notification and be leveraged in a spoofing attack in vulnerable Firefox versions. In this post, we will discuss the exploit details, proof of concept code, and necessary mitigation steps.

Exploit Details

When a website enters fullscreen mode, a fullscreen notification is displayed to alert the user. However, this vulnerability allows an attacker to trigger a WebAuthn request immediately after entering fullscreen mode. As a result, the fullscreen notification is obscured by the WebAuthn prompt, leaving users unaware that the website is in fullscreen mode.

This vulnerability can be abused by an attacker to create a fake website that appears similar to a legitimate website, such as a banking website or online store. When unsuspecting users visit the fake website, the attacker could take advantage of CVE-2023-5729 to trick users into providing sensitive information such as login credentials, credit card numbers, or other personal data.

Consider the following code snippet, illustrating how the vulnerability can be exploited

// JavaScript code to exploit CVE-2023-5729
function exploitCVE20235729() {
  let options = {
    challenge: new Uint8Array(32)
  };

  document.documentElement.requestFullscreen().then(() => {
    navigator.credentials.create({publicKey: options});
  });
}

// Trigger the exploit
exploitCVE20235729();

This code will first request fullscreen mode, and upon entering fullscreen mode, trigger the WebAuthn request, obscuring the fullscreen notification behind the WebAuthn prompt.

For more information regarding the vulnerability, you can refer to the following resources

1. Mozilla Foundation Security Advisory 2023-10 (MFSA2023-10): https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/
2. CVE-2023-5729 vulnerability information on NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-5729

Mitigation Steps

In order to protect against this vulnerability, it is recommended that users update their Firefox browser to version 119 or higher. This can be done through the built-in update mechanism or by downloading the latest version from the official Firefox download page.

Furthermore, users should be cautious when visiting unfamiliar websites and look out for signs of spoofing or phishing, such as spelling errors, unusual URLs, or suspicious website designs. In general, make sure to stay informed about the latest security threats and vulnerabilities to maintain a secure online presence.

Conclusion

CVE-2023-5729 is a significant vulnerability that can be exploited in phishing and spoofing attacks. Users should ensure they are running an updated version of Firefox to prevent this vulnerability from being exploited. By staying informed and cautious, users can reduce the risk of falling victim to cyberattacks and maintain a secure online experience.

Timeline

Published on: 10/25/2023 18:17:44 UTC
Last modified on: 11/01/2023 19:53:53 UTC