VDB
DEBIAN-CVE-2023-6867
DEBIAN-CVE-2023-6867
PUBLISHED
CVSS 6.099999904632568 MEDIUM
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | firefox-esr | 0, 0, 0 |
| Debian:13 | firefox-esr | 0, 0, 0 |
| Debian:11 | firefox-esr | 102.11.0esr-1, 102.11.0esr-1~deb10u1, 102.12.0esr-1 |
| Debian:12 | firefox-esr | 102.11.0esr-1, 102.12.0esr-1, 102.12.0esr-1~deb11u1 |
Timeline
- Dec 19, 2023 CVE Published
- Apr 28, 2026 CVE Updated