CVE-2023-6867
CVSS 3.1: 6.1 (MEDIUM)
EPSS: 0.86%
Description
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
How to fix CVE-2023-6867
To remediate CVE-2023-6867, upgrade the affected package to a fixed version below.
- upgrade to 115.6.0esr-1~deb11u1 or later
Is CVE-2023-6867 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 115.6.0esr-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |