PT-2023-4135 · Mozilla+10 · Firefox+10

Axel Chong

+1

·

Published

2023-08-01

·

Updated

2024-12-12

·

CVE-2023-4047

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 116 Firefox ESR versions prior to 102.14 Firefox ESR versions prior to 115.1
Description A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This issue is related to incorrect handling of insufficient permissions due to an error in the calculation of the delay of popup notifications, which may allow a remote attacker to conduct clickjacking attacks.
Recommendations For Firefox versions prior to 116, update to version 116 or later. For Firefox ESR versions prior to 102.14, update to version 102.14 or later. For Firefox ESR versions prior to 115.1, update to version 115.1 or later.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-352CWE-275CWE-280

Related Identifiers

ALSA-2023:4462
ALSA-2023:4468
ALSA-2023:4497
ALSA-2023:4499
ALT-PU-2023-5754
ALT-PU-2023-5836
ALT-PU-2023-6436
ALT-PU-2024-13898
ALT-PU-2024-14035
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4241
ALT-PU-2024-4748
BDU:2023-04444
CESA-2023_4468
CESA-2023_4497
CVE-2023-4047
DLA-3521-1
DLA-3523-1
DSA-5464-1
DSA-5469-1
MGASA-2023-0266
OESA-2023-1671
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2023_3162-1
OPENSUSE-SU-2023_3228-1
OPENSUSE-SU-2024:13091-1
OPENSUSE-SU-2024:13124-1
OPENSUSE-SU-2024:13133-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:4460
RHSA-2023:4461
RHSA-2023:4462
RHSA-2023:4463
RHSA-2023:4464
RHSA-2023:4465
RHSA-2023:4468
RHSA-2023:4469
RHSA-2023:4492
RHSA-2023:4493
RHSA-2023:4494
RHSA-2023:4495
RHSA-2023:4496
RHSA-2023:4497
RHSA-2023:4499
RHSA-2023:4500
RHSA-2023_4461
RHSA-2023_4462
RHSA-2023_4468
RHSA-2023_4495
RHSA-2023_4497
RHSA-2023_4499
RLSA-2023:4462
RLSA-2023:4468
RLSA-2023:4497
RLSA-2023:4499
ROSA-SA-2023-2232
ROSA-SA-2023-2233
SUSE-SU-2023:3161-1
SUSE-SU-2023:3162-1
SUSE-SU-2023:3163-1
SUSE-SU-2023:3228-1
SUSE-SU-2023_3161-1
SUSE-SU-2023_3162-1
SUSE-SU-2023_3163-1
USN-6267-1
USN-6267-2
USN-6267-3
USN-6333-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu