CVE-2023-6867

{"id": "CVE-2023-6867", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-12-19T14:15:07.933", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863863", "tags": ["Issue Tracking", "Permissions Required"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://security.gentoo.org/glsa/202401-10", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.debian.org/security/2023/dsa-5581", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863863", "tags": ["Issue Tracking", "Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202401-10", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2023/dsa-5581", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-54/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1021"}]}], "descriptions": [{"lang": "en", "value": "The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121."}, {"lang": "es", "value": "El timing en el que se hace clic en un bot\u00f3n que provoca la desaparici\u00f3n de una ventana emergente era aproximadamente de la misma duraci\u00f3n que el retraso anti-clickjacking en las solicitudes de permiso. Era posible utilizar este hecho para sorprender a los usuarios atray\u00e9ndolos a hacer clic en el lugar donde el bot\u00f3n de concesi\u00f3n de permiso estar\u00eda a punto de aparecer. Esta vulnerabilidad afecta a Firefox ESR &lt;115.6 y Firefox &lt;121."}], "lastModified": "2024-11-21T08:44:43.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919", "versionEndExcluding": "121.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46B36C5E-77B7-4FBF-8B7A-6F794C8B8B2B", "versionEndExcluding": "115.6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}