CVE-2023-6867

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 19, 2023

Updated: Feb 2, 2024

CWE ID 1021

Summary

CVE-2023-6867 is a vulnerability affecting Firefox ESR versions below 115.6 and Firefox versions below 121. Hackers can exploit this timing issue to deceive users by making a pop-up disappear just as the anti-clickjacking delay on permission prompts is about to expire. This allows the attacker to surprise users and potentially trick them into granting permissions at an unexpected moment.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t0R2mP
https://www.cve.org/CVERecord?id=CVE-2023-6867
https://nvd.nist.gov/vuln/detail/CVE-2023-6867

Back to Vulnerability Database

CVE-2023-6867

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations