PT-2023-7115 · Mozilla+4 · Firefox+4

Muneaki Nishimura · Published: 2023-11-20 · Updated: 2025-03-21 · CVE-2023-6211

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 120

Description

The issue is related to the HTTPS-only mode in Firefox, where an attacker could trick a user into granting an HTTPS-only exception by getting them to participate in a clicking game, if the user had enabled HTTPS-only mode and was loading an insecure HTTP page. This could allow a remote attacker to conduct a clickjacking attack by exploiting errors in the user interface's information presentation.

Recommendations

For versions prior to 120, update to version 120 or later to resolve the issue. As a temporary workaround, consider avoiding participation in clicking games or other interactive elements when loading insecure HTTP pages in HTTPS-only mode. Restrict access to insecure HTTP pages to minimize the risk of exploitation.

Exploit

Fix

Clickjacking

UI Misrepresentation of Critical Information

Weakness Enumeration

Related Identifiers

ALT-PU-2023-7473
ALT-PU-2024-13898
ALT-PU-2024-15839
ALT-PU-2024-15840
BDU:2023-08142
CVE-2023-6211
OESA-2025-1322
OESA-2025-1323
OPENSUSE-SU-2024:13468-1
OPENSUSE-SU-2024:14572-1
USN-6509-1
USN-6509-2

Affected Products

Alt Linux
Astra Linux
Firefox
Linux Mint
Ubuntu