CVE-2023-6867

CVSS v3.1 6.1 (Medium)

EPSS 0.05 % (22^th)

Affected Products 3

Advisories 19

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

Weaknesses

CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2023-12-19 14:15:07
(9 months ago)
Updated Date: 2024-02-02 02:35:33
(7 months ago)

Affected Products

Debian

Debian Linux

Mozilla

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox prior 121.0 version	cpe:2.3:a:mozilla:firefox		< 121.0
	Mozilla Firefox Esr prior 115.6 version	cpe:2.3:a:mozilla:firefox_esr		< 115.6

Configuration #2

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Debian Linux 11.0	cpe:2.3:o:debian:debian_linux:11.0
	Debian Linux 12.0	cpe:2.3:o:debian:debian_linux:12.0