PT-2023-7937 · Mozilla+9 · Firefox+10

Hafiizh

·

Published

2023-12-19

·

Updated

2025-03-21

·

CVE-2023-6867

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 115.6 Firefox versions prior to 121
Description The issue is related to the timing of a button click causing a popup to disappear, which is approximately the same length as the anti-clickjacking delay on permission prompts. This allows an attacker to lure users into clicking where the permission grant button would be about to appear, effectively conducting a clickjacking attack. The vulnerability is associated with errors in the representation of information in the user interface.
Recommendations For Firefox ESR versions prior to 115.6, update to version 115.6 or later. For Firefox versions prior to 121, update to version 121 or later. As a temporary workaround, consider restricting access to permission prompts to minimize the risk of exploitation.

Exploit

Fix

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021CWE-450

Related Identifiers

ALSA-2024:0012
ALSA-2024:0025
ALT-PU-2023-8216
ALT-PU-2023-8227
ALT-PU-2023-8231
ALT-PU-2024-13898
ALT-PU-2024-15839
ALT-PU-2024-3614
BDU:2023-09018
CESA-2024_0012
CESA-2024_0026
CVE-2023-6867
DLA-3697-1
DSA-5581-1
MGASA-2024-0012
OESA-2025-1322
OESA-2025-1323
OPENSUSE-SU-2023_4928-1
OPENSUSE-SU-2024:13531-1
OPENSUSE-SU-2024:14572-1
RHSA-2024:0011
RHSA-2024:0012
RHSA-2024:0019
RHSA-2024:0021
RHSA-2024:0022
RHSA-2024:0023
RHSA-2024:0024
RHSA-2024:0025
RHSA-2024:0026
RHSA-2024_0012
RHSA-2024_0025
RHSA-2024_0026
RLSA-2024:0012
SUSE-SU-2023:4912-1
SUSE-SU-2023:4928-1
SUSE-SU-2023:4929-1
USN-6562-1
USN-6562-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Suse
Ubuntu