Vulnerability details: VCID-t6rv-2njr-aaap
Vulnerability ID VCID-t6rv-2njr-aaap
Aliases CVE-2023-34414
Summary The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34414.json
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss 0.00092 https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2023-34414
epss 0.00829 https://api.first.org/data/v1/epss?cve=CVE-2023-34414
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 3.1 https://nvd.nist.gov/vuln/detail/CVE-2023-34414
cvssv3.1 3.1 https://nvd.nist.gov/vuln/detail/CVE-2023-34414
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-19
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-20
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-21
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34414.json
https://api.first.org/data/v1/epss?cve=CVE-2023-34414
https://bugzilla.mozilla.org/show_bug.cgi?id=1695986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34416
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/202312-03
https://www.mozilla.org/security/advisories/mfsa2023-19/
https://www.mozilla.org/security/advisories/mfsa2023-20/
https://www.mozilla.org/security/advisories/mfsa2023-21/
2212841 https://bugzilla.redhat.com/show_bug.cgi?id=2212841
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2023-34414 https://nvd.nist.gov/vuln/detail/CVE-2023-34414
GLSA-202401-10 https://security.gentoo.org/glsa/202401-10
mfsa2023-19 https://www.mozilla.org/en-US/security/advisories/mfsa2023-19
mfsa2023-20 https://www.mozilla.org/en-US/security/advisories/mfsa2023-20
mfsa2023-21 https://www.mozilla.org/en-US/security/advisories/mfsa2023-21
RHSA-2023:3560 https://access.redhat.com/errata/RHSA-2023:3560
RHSA-2023:3561 https://access.redhat.com/errata/RHSA-2023:3561
RHSA-2023:3562 https://access.redhat.com/errata/RHSA-2023:3562
RHSA-2023:3563 https://access.redhat.com/errata/RHSA-2023:3563
RHSA-2023:3564 https://access.redhat.com/errata/RHSA-2023:3564
RHSA-2023:3565 https://access.redhat.com/errata/RHSA-2023:3565
RHSA-2023:3566 https://access.redhat.com/errata/RHSA-2023:3566
RHSA-2023:3567 https://access.redhat.com/errata/RHSA-2023:3567
RHSA-2023:3578 https://access.redhat.com/errata/RHSA-2023:3578
RHSA-2023:3579 https://access.redhat.com/errata/RHSA-2023:3579
RHSA-2023:3587 https://access.redhat.com/errata/RHSA-2023:3587
RHSA-2023:3588 https://access.redhat.com/errata/RHSA-2023:3588
RHSA-2023:3589 https://access.redhat.com/errata/RHSA-2023:3589
RHSA-2023:3590 https://access.redhat.com/errata/RHSA-2023:3590
RHSA-2023:3596 https://access.redhat.com/errata/RHSA-2023:3596
RHSA-2023:3597 https://access.redhat.com/errata/RHSA-2023:3597
USN-6143-1 https://usn.ubuntu.com/6143-1/
USN-6214-1 https://usn.ubuntu.com/6214-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34414.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-34414
Exploit Prediction Scoring System (EPSS)
Percentile 0.18155
EPSS Score 0.00058
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.