PT-2023-7293 · Mozilla+4 · Firefox+4

Godson Bastin

Published

2023-11-21

Updated

2025-03-21

CVE-2023-6210

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 120

Description The issue is related to a browser vulnerability that can lead to the redirection of URLs to untrusted sites, potentially allowing remote attackers to conduct phishing attacks using specially crafted malicious links. It is also noted that when an HTTPS web page creates a pop-up from a "javascript:" URL, the pop-up is incorrectly allowed to load blockable content, such as iframes from insecure HTTP URLs.

Recommendations For versions prior to 120, update to version 120 or later to resolve the issue. As a temporary workaround, consider restricting the use of pop-ups from "javascript:" URLs to minimize the risk of exploitation. Avoid using insecure HTTP URLs in iframes within HTTPS web pages until the issue is resolved.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

ALT-PU-2023-7473

ALT-PU-2023-7760

ALT-PU-2023-7774

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-15840

BDU:2023-08321

CVE-2023-6210

OESA-2025-1322

OESA-2025-1323

OPENSUSE-SU-2024:13468-1

OPENSUSE-SU-2024:14572-1

USN-6509-1

USN-6509-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2023-7293 · Mozilla+4 · Firefox+4

CVE-2023-6210

Weakness Enumeration

Related Identifiers

Affected Products

References · 1941