CVE-2023-6211

{"id": "CVE-2023-6211", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-11-21T15:15:08.057", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850200", "tags": ["Issue Tracking", "Permissions Required"], "source": "[email protected]"}, {"url": "https://security.gentoo.org/glsa/202401-10", "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850200", "tags": ["Issue Tracking", "Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202401-10", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1021"}]}], "descriptions": [{"lang": "en", "value": "If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120."}, {"lang": "es", "value": "Si un atacante necesitaba que un usuario cargara una p\u00e1gina http: insegura y sab\u00eda que el usuario hab\u00eda habilitado el modo solo HTTPS, el atacante podr\u00eda haber enga\u00f1ado al usuario para que hiciera clic para otorgar una excepci\u00f3n solo HTTPS si pudiera lograr que el usuario participara en una juego de clics. Esta vulnerabilidad afecta a Firefox &lt; 120."}], "lastModified": "2024-11-21T08:43:22.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2", "versionEndExcluding": "120.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}