3797 matches found
DEBIAN-CVE-2023-6867
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerabili...
Design/Logic Flaw
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerabili...
CVE-2023-6867
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerabili...
CVE-2023-6867
CVE-2023-6867 describes a clickjacking-related issue where the timing between a button click and a popup’s disappearance matched the anti-clickjacking delay on permission prompts. Affected software includes Firefox ESR versions older than 115.6 and Firefox versions older than 121. Multiple connec...
Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-353-02)
The version of mozilla-firefox installed on the remote host is prior to 115.6.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-353-02 advisory. - The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with th...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation. A security vulnerability exists in Mozilla Firefox, which originates from a clickjacking vulnerability. An attacker can exploit the vulnerability to trick users into clicking an authorization button. Affected products and...
Mozilla Firefox < 121.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 121.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-56 advisory. - Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we...
Mozilla Firefox ESR < 115.6
The version of Firefox ESR installed on the remote Windows host is prior to 115.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-54 advisory. - Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed...
CVE-2023-4958
In Red Hat Advanced Cluster Security (RHACS), it was found that some security-related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page that deceptivel...
Design/Logic Flaw
In Red Hat Advanced Cluster Security (RHACS), it was found that some security-related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page that deceptivel...
CVE-2023-4958 Stackrox: missing http security headers allows for clickjacking in web ui
In Red Hat Advanced Cluster Security (RHACS), it was found that some security-related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page that deceptivel...
CVE-2023-4958
CVE-2023-4958 affects Red Hat Advanced Cluster Security (RHACS). The vulnerability is that some security-related HTTP headers are missing in the RHACS web UI, enabling a clickjacking-style attack where an attacker entices a valid RHACS user to visit a malicious page that redirects to RHACS endpoints,...
Red Hat stackrox Security Vulnerabilities
Red Hat stackrox is a full-lifecycle Kubernetes security solution from Red Hat. It allows you to detect, manage, and mitigate security risks, such as misconfigurations and vulnerabilities (CVEs). A security vulnerability exists in Red Hat stackrox that stems from a missing HTTP header, leading to ...
MGASA-2023-0342 Updated firefox packages fix security vulnerabilities
The updated packages fix security vulnerabilities. Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204). Use-after-free in MessagePort::Entangled (CVE-2023-6205). Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206). Use-after-free in...
MGASA-2023-0343 Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities. Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204). Use-after-free in MessagePort::Entangled (CVE-2023-6205). Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206). Use-after-free in...
Updated thunderbird packages fix security vulnerabilities
The updated packages fix security vulnerabilities. Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204). Use-after-free in MessagePort::Entangled (CVE-2023-6205). Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206). Use-after-free in...