CVSS3 Metric | Value |
---|---|
Base Score | 6.1 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 21.2%)

The timing of a button click causing a popup to disappear was approximately
the same length as the anti-clickjacking delay on permission prompts. It
was possible to use this fact to surprise users by luring them to click
where the permission grant button would be about to appear. This
vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | firefox | < 121.0+build1-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | mozjs102 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs68 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs78 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs91 | < any | UNKNOWN |

bugzilla.mozilla.org/show_bug.cgi?id=1863863
launchpad.net/bugs/cve/CVE-2023-6867
nvd.nist.gov/vuln/detail/CVE-2023-6867
security-tracker.debian.org/tracker/CVE-2023-6867
ubuntu.com/security/notices/USN-6562-1
www.cve.org/CVERecord?id=CVE-2023-6867
www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
www.mozilla.org/security/advisories/mfsa2023-54/
www.mozilla.org/security/advisories/mfsa2023-56/