CVE-2023-6867
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-6867
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6867.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-6867
- Related
- Published
- 2023-12-19T14:15:07Z
- Modified
- 2024-09-11T04:58:59.516883Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
- References
-
- https://security.gentoo.org/glsa/202401-10
- https://www.debian.org/security/2023/dsa-5581
- https://www.mozilla.org/security/advisories/mfsa2023-54/
- https://www.mozilla.org/security/advisories/mfsa2023-56/
- https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1863863
- https://security-tracker.debian.org/tracker/CVE-2023-6867
Affected packages
Debian:11 / firefox-esr
Package
- Name
- firefox-esr
- Purl
- pkg:deb/debian/firefox-esr?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed115.6.0esr-1~deb11u1
Affected versions
78.*
78.12.0esr-1
78.13.0esr-1~deb9u1
78.13.0esr-1~deb10u1
78.13.0esr-1~deb11u1
78.13.0esr-1
78.14.0esr-1~deb9u1
78.14.0esr-1~deb10u1
78.14.0esr-1~deb11u1
78.14.0esr-1
78.15.0esr-1~deb9u1
78.15.0esr-1~deb10u1
78.15.0esr-1~deb11u1
91.*
91.0esr-1
91.0.1esr-1
91.1.0esr-1
91.2.0esr-1
91.3.0esr-1
91.3.0esr-2
91.4.0esr-1
91.4.1esr-1~deb9u1
91.4.1esr-1~deb11u1
91.5.0esr-1~deb9u1
91.5.0esr-1~deb10u1
91.5.0esr-1~deb11u1
91.5.0esr-1
91.5.1esr-1
91.6.0esr-1~deb9u1
91.6.0esr-1~deb10u1
91.6.0esr-1~deb11u1
91.6.0esr-1
91.6.1esr-1~deb9u1
91.6.1esr-1~deb10u1
91.6.1esr-1~deb11u1
91.6.1esr-1
91.7.0esr-1~deb9u1
91.7.0esr-1~deb10u1
91.7.0esr-1~deb11u1
91.7.0esr-1
91.8.0esr-1~deb9u1
91.8.0esr-1~deb10u1
91.8.0esr-1~deb11u1
91.8.0esr-1
91.9.0esr-1~deb9u1
91.9.0esr-1~deb10u1
91.9.0esr-1~deb11u1
91.9.0esr-1
91.9.1esr-1~deb9u1
91.9.1esr-1~deb10u1
91.9.1esr-1~deb11u1
91.9.1esr-1
91.10.0esr-1~deb9u1
91.10.0esr-1~deb10u1
91.10.0esr-1~deb11u1
91.10.0esr-1
91.11.0esr-1~deb9u1
91.11.0esr-1~deb10u1
91.11.0esr-1~deb11u1
91.11.0esr-1
91.12.0esr-1~deb10u1
91.12.0esr-1~deb11u1
91.12.0esr-1
91.13.0esr-1~deb10u1
91.13.0esr-1~deb11u1
102.*
102.1.0esr-1
102.1.0esr-2
102.2.0esr-1
102.3.0esr-1~deb10u1
102.3.0esr-1~deb10u2
102.3.0esr-1~deb11u1
102.3.0esr-1
102.4.0esr-1~deb10u1
102.4.0esr-1~deb11u1
102.4.0esr-1
102.5.0esr-1~deb10u1
102.5.0esr-1~deb11u1
102.5.0esr-1
102.6.0esr-1~deb10u1
102.6.0esr-1~deb11u1
102.6.0esr-1
102.7.0esr-1~deb10u1
102.7.0esr-1~deb11u1
102.7.0esr-1
102.8.0esr-1~deb10u1
102.8.0esr-1~deb11u1
102.8.0esr-1
102.9.0esr-1~deb10u1
102.9.0esr-1~deb11u1
102.9.0esr-1
102.9.0esr-2
102.10.0esr-1~deb10u1
102.10.0esr-1~deb11u1
102.10.0esr-1
102.11.0esr-1~deb10u1
102.11.0esr-1~deb11u1
102.11.0esr-1
102.12.0esr-1~deb10u1
102.12.0esr-1~deb11u1
102.12.0esr-1~deb12u1
102.12.0esr-1
102.13.0esr-1~deb10u1
102.13.0esr-1~deb11u1
102.13.0esr-1~deb12u1
102.13.0esr-1
102.14.0esr-1~deb10u1
102.14.0esr-1~deb11u1
102.14.0esr-1~deb12u1
102.15.0esr-1~deb10u1
102.15.0esr-1~deb11u1
102.15.0esr-1~deb12u1
102.15.1esr-1~deb10u1
102.15.1esr-1~deb11u1
102.15.1esr-1~deb12u1
115.*
115.0.2esr-1
115.1.0esr-1
115.2.0esr-1
115.2.1esr-1
115.3.0esr-1~deb10u1
115.3.0esr-1~deb11u1
115.3.0esr-1~deb12u1
115.3.0esr-1
115.3.1esr-1~deb10u1
115.3.1esr-1~deb11u1
115.4.0esr-1~deb10u1
115.4.0esr-1~deb11u1
115.4.0esr-1~deb12u1
115.4.0esr-1
115.5.0esr-1~deb10u1
115.5.0esr-1~deb11u1
115.5.0esr-1~deb12u1
115.5.0esr-1
115.6.0esr-1~deb10u1
Debian:12 / firefox-esr
Package
- Name
- firefox-esr
- Purl
- pkg:deb/debian/firefox-esr?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed115.6.0esr-1~deb12u1
Affected versions
102.*
102.11.0esr-1
102.12.0esr-1~deb10u1
102.12.0esr-1~deb11u1
102.12.0esr-1~deb12u1
102.12.0esr-1
102.13.0esr-1~deb10u1
102.13.0esr-1~deb11u1
102.13.0esr-1~deb12u1
102.13.0esr-1
102.14.0esr-1~deb10u1
102.14.0esr-1~deb11u1
102.14.0esr-1~deb12u1
102.15.0esr-1~deb10u1
102.15.0esr-1~deb11u1
102.15.0esr-1~deb12u1
102.15.1esr-1~deb10u1
102.15.1esr-1~deb11u1
102.15.1esr-1~deb12u1
115.*
115.0.2esr-1
115.1.0esr-1
115.2.0esr-1
115.2.1esr-1
115.3.0esr-1~deb10u1
115.3.0esr-1~deb11u1
115.3.0esr-1~deb12u1
115.3.0esr-1
115.3.1esr-1~deb10u1
115.3.1esr-1~deb11u1
115.4.0esr-1~deb10u1
115.4.0esr-1~deb11u1
115.4.0esr-1~deb12u1
115.4.0esr-1
115.5.0esr-1~deb10u1
115.5.0esr-1~deb11u1
115.5.0esr-1~deb12u1
115.5.0esr-1
115.6.0esr-1~deb10u1
115.6.0esr-1~deb11u1
Debian:13 / firefox-esr
Package
- Name
- firefox-esr
- Purl
- pkg:deb/debian/firefox-esr?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed115.6.0esr-1
Affected versions
102.*
102.11.0esr-1
102.12.0esr-1~deb10u1
102.12.0esr-1~deb11u1
102.12.0esr-1~deb12u1
102.12.0esr-1
102.13.0esr-1~deb10u1
102.13.0esr-1~deb11u1
102.13.0esr-1~deb12u1
102.13.0esr-1
102.14.0esr-1~deb10u1
102.14.0esr-1~deb11u1
102.14.0esr-1~deb12u1
102.15.0esr-1~deb10u1
102.15.0esr-1~deb11u1
102.15.0esr-1~deb12u1
102.15.1esr-1~deb10u1
102.15.1esr-1~deb11u1
102.15.1esr-1~deb12u1
115.*
115.0.2esr-1
115.1.0esr-1
115.2.0esr-1
115.2.1esr-1
115.3.0esr-1~deb10u1
115.3.0esr-1~deb11u1
115.3.0esr-1~deb12u1
115.3.0esr-1
115.3.1esr-1~deb10u1
115.3.1esr-1~deb11u1
115.4.0esr-1~deb10u1
115.4.0esr-1~deb11u1
115.4.0esr-1~deb12u1
115.4.0esr-1
115.5.0esr-1~deb10u1
115.5.0esr-1~deb11u1
115.5.0esr-1~deb12u1
115.5.0esr-1
115.6.0esr-1~deb10u1
115.6.0esr-1~deb11u1
115.6.0esr-1~deb12u1