4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.9%
firefox is vulnerable to an Insufficient Activation Delay. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website or opening a malicious file. The website or file would contain a specially crafted exploit that would cause the browser to open a prompt or dialog. The exploit would then rapidly activate or dismiss the prompt or dialog without the user’s consent. This could be used to trick the user into performing an action that they do not want to perform, such as downloading a malicious file or logging into a malicious website.
bugzilla.mozilla.org/show_bug.cgi?id=1830820
lists.debian.org/debian-lts-announce/2023/10/msg00037.html
lists.debian.org/debian-lts-announce/2023/10/msg00042.html
security-tracker.debian.org/tracker/CVE-2023-5721
www.debian.org/security/2023/dsa-5535
www.debian.org/security/2023/dsa-5538
www.mozilla.org/security/advisories/mfsa2023-45/
www.mozilla.org/security/advisories/mfsa2023-46/
www.mozilla.org/security/advisories/mfsa2023-47/
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.9%