CVSS3: 3.1 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
EPSS: 0.001 Low
Percentile: 28.1%
Firefox and Thunderbird are vulnerable to Denial of Service (DoS) attacks. The vulnerability is caused by a missing activation delay on the error page shown for sites with invalid TLS certificates. An attacker can exploit it by creating a malicious website that contains a crafted iframe. When a victim visits the malicious website, the iframe is displayed on top of the Firefox error page. If the victim clicks a button in the iframe, the click is redirected to the malicious website even though the error page is still visible. This can be used to trick the victim into performing actions that they would not otherwise perform.
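What an activation delay does, as an added example that is not Mozilla's code or taken from the advisory: a guard that ignores clicks until a security-sensitive UI has been continuously visible for a minimum time. The class name, the 1000 ms delay and the event timeline are assumptions constructed for the illustration.

```javascript
// Illustrative activation-delay guard (added example, not Mozilla's code).
// ACTIVATION_DELAY_MS is an assumed value chosen for this demonstration.
const ACTIVATION_DELAY_MS = 1000;

class ActivationGuard {
  constructor(delayMs = ACTIVATION_DELAY_MS) {
    this.delayMs = delayMs;
    this.armedAt = null; // time the sensitive UI last became visible and focused
  }

  // Call whenever the sensitive UI is shown or regains focus: the timer restarts.
  shown(now) { this.armedAt = now; }

  // Call when the UI is hidden, covered, or loses focus: clicks are refused.
  hidden() { this.armedAt = null; }

  // A click counts only if the UI has been continuously visible for delayMs.
  accepts(clickTime) {
    return this.armedAt !== null && clickTime - this.armedAt >= this.delayMs;
  }
}

// Replays an event timeline and returns the verdict for each click.
function replay(events, guard = new ActivationGuard()) {
  const verdicts = [];
  for (const ev of events) {
    if (ev.type === "shown") guard.shown(ev.t);
    else if (ev.type === "hidden") guard.hidden();
    else if (ev.type === "click") verdicts.push({ t: ev.t, accepted: guard.accepts(ev.t) });
  }
  return verdicts;
}

// Constructed timeline, times in milliseconds.
const SAMPLE_TIMELINE = [
  { type: "click", t: 0 },     // click on the previous page, UI not shown yet
  { type: "shown", t: 100 },   // error page appears under the cursor
  { type: "click", t: 250 },   // click already in flight: too early, refused
  { type: "click", t: 1200 },  // deliberate click after the delay: accepted
  { type: "hidden", t: 1500 }, // window loses focus
  { type: "shown", t: 2000 },  // focus returns, timer restarts
  { type: "click", t: 2100 },  // too early again, refused
];

console.log(replay(SAMPLE_TIMELINE));
```

Without the guard, the click at 250 ms would act on a page the user has had no time to read.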
bugzilla.mozilla.org/show_bug.cgi?id=1695986
security-tracker.debian.org/tracker/CVE-2023-34414
security.gentoo.org/glsa/202312-03
security.gentoo.org/glsa/202401-10
www.mozilla.org/security/advisories/mfsa2023-19/
www.mozilla.org/security/advisories/mfsa2023-20/
www.mozilla.org/security/advisories/mfsa2023-21/