VDB

DEBIAN-CVE-2023-6867

DEBIAN-CVE-2023-6867 PUBLISHED CVSS 6.099999904632568 MEDIUM

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Debian:14firefox-esr0, 0, 0
Debian:13firefox-esr0, 0, 0
Debian:11firefox-esr102.11.0esr-1, 102.11.0esr-1~deb10u1, 102.12.0esr-1
Debian:12firefox-esr102.11.0esr-1, 102.12.0esr-1, 102.12.0esr-1~deb11u1

Timeline

  • Dec 19, 2023 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›