PT-2023-7293 · Mozilla+4 · Firefox+4

Godson Bastin

Publicado

2023-11-21

Atualizado

2025-03-21

CVE-2023-6210

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 120

Description The issue is related to a browser vulnerability that can lead to the redirection of URLs to untrusted sites, potentially allowing remote attackers to conduct phishing attacks using specially crafted malicious links. It is also noted that when an HTTPS web page creates a pop-up from a "javascript:" URL, the pop-up is incorrectly allowed to load blockable content, such as iframes from insecure HTTP URLs.

Recommendations For versions prior to 120, update to version 120 or later to resolve the issue. As a temporary workaround, consider restricting the use of pop-ups from "javascript:" URLs to minimize the risk of exploitation. Avoid using insecure HTTP URLs in iframes within HTTPS web pages until the issue is resolved.

Exploit

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

ALT-PU-2023-7473

ALT-PU-2023-7760

ALT-PU-2023-7774

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-15840

BDU:2023-08321

CVE-2023-6210

OESA-2025-1322

OESA-2025-1323

OPENSUSE-SU-2024:13468-1

OPENSUSE-SU-2024:14572-1

USN-6509-1

USN-6509-2

Produtos afetados

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2023-7293 · Mozilla+4 · Firefox+4

CVE-2023-6210

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1941