PT-2023-6533 · Mozilla+9 · Firefox+11

Kelsey Gilbert

·

Published

2023-10-24

·

Updated

2025-03-14

·

CVE-2023-5721

CVSS v2.0

7.6

High

VectorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 119 Firefox ESR versions prior to 115.4 Thunderbird versions prior to 115.4.1
Description The issue is related to an insufficient activation-delay, allowing certain browser prompts and dialogs to be activated or dismissed unintentionally by the user. This could potentially lead to a clickjacking attack, where a remote attacker could exploit the vulnerability to manipulate user interactions.
Recommendations For Firefox versions prior to 119, update to version 119 or later to resolve the issue. For Firefox ESR versions prior to 115.4, update to version 115.4 or later to resolve the issue. For Thunderbird versions prior to 115.4.1, update to version 115.4.1 or later to resolve the issue.

Exploit

Fix

UI Misrepresentation of Critical Information

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-356CWE-451CWE-1021

Related Identifiers

ALSA-2023:6187
ALSA-2023:6188
ALSA-2023:6191
ALSA-2023:6194
ALT-PU-2023-6639
ALT-PU-2023-6856
ALT-PU-2023-6883
ALT-PU-2023-6908
ALT-PU-2024-13898
ALT-PU-2024-15839
ALT-PU-2024-3614
ALT-PU-2024-3860
ALT-PU-2024-4748
BDU:2023-07280
CESA-2023_6187
CESA-2023_6194
CVE-2023-5721
DLA-3632-1
DLA-3637-1
DSA-5535-1
DSA-5538-1
MGASA-2023-0308
MGASA-2023-0309
OESA-2025-1265
OESA-2025-1268
OPENSUSE-SU-2023_4214-1
OPENSUSE-SU-2023_4302-1
OPENSUSE-SU-2023_4551-1
OPENSUSE-SU-2024:13356-1
OPENSUSE-SU-2024:13385-1
OPENSUSE-SU-2024:13412-1
OPENSUSE-SU-2024:14572-1
RHSA-2023:6162
RHSA-2023:6185
RHSA-2023:6186
RHSA-2023:6187
RHSA-2023:6188
RHSA-2023:6189
RHSA-2023:6191
RHSA-2023:6194
RHSA-2023:6195
RHSA-2023:6196
RHSA-2023:6197
RHSA-2023:6198
RHSA-2023:6199
RHSA-2023_6162
RHSA-2023_6187
RHSA-2023_6188
RHSA-2023_6191
RHSA-2023_6194
RLSA-2023:6188
SUSE-SU-2023:4212-1
SUSE-SU-2023:4213-1
SUSE-SU-2023:4214-1
SUSE-SU-2023:4302-1
SUSE-SU-2023:4532-1
SUSE-SU-2023:4533-1
SUSE-SU-2023:4551-1
SUSE-SU-2023_4212-1
SUSE-SU-2023_4213-1
SUSE-SU-2023_4214-1
SUSE-SU-2023_4532-1
SUSE-SU-2023_4533-1
SUSE-SU-2023_4551-1
USN-6456-1
USN-6456-2
USN-6468-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Suse
Thunderbird
Ubuntu