VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-twbq-jsyg-qkf6

Essentials
Severities (26)
References (38)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-twbq-jsyg-qkf6
Aliases	CVE-2023-6867
Summary	The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

System	Score	Found at
cvssv3	6.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6867.json
epss	0.00749	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00749	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00749	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00749	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00749	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00749	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00749	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00813	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00813	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00813	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00813	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00813	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00813	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00813	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00813	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss	0.00813	https://api.first.org/data/v1/epss?cve=CVE-2023-6867
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1863863
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2023-6867
ssvc	Track	https://security.gentoo.org/glsa/202401-10
ssvc	Track	https://www.debian.org/security/2023/dsa-5581
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-54
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2023-56
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-54/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2023-56/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6867.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-6867
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6856
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6857
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6858
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6859
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6860
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6861
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6862
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6863
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6864
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6865
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6867
		https://security.gentoo.org/glsa/202401-10
2255366		https://bugzilla.redhat.com/show_bug.cgi?id=2255366
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
CVE-2023-6867		https://nvd.nist.gov/vuln/detail/CVE-2023-6867
dsa-5581		https://www.debian.org/security/2023/dsa-5581
mfsa2023-54		https://www.mozilla.org/en-US/security/advisories/mfsa2023-54
mfsa2023-54		https://www.mozilla.org/security/advisories/mfsa2023-54/
mfsa2023-56		https://www.mozilla.org/en-US/security/advisories/mfsa2023-56
mfsa2023-56		https://www.mozilla.org/security/advisories/mfsa2023-56/
msg00020.html		https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html
RHSA-2024:0011		https://access.redhat.com/errata/RHSA-2024:0011
RHSA-2024:0012		https://access.redhat.com/errata/RHSA-2024:0012
RHSA-2024:0019		https://access.redhat.com/errata/RHSA-2024:0019
RHSA-2024:0021		https://access.redhat.com/errata/RHSA-2024:0021
RHSA-2024:0022		https://access.redhat.com/errata/RHSA-2024:0022
RHSA-2024:0023		https://access.redhat.com/errata/RHSA-2024:0023
RHSA-2024:0024		https://access.redhat.com/errata/RHSA-2024:0024
RHSA-2024:0025		https://access.redhat.com/errata/RHSA-2024:0025
RHSA-2024:0026		https://access.redhat.com/errata/RHSA-2024:0026
show_bug.cgi?id=1863863		https://bugzilla.mozilla.org/show_bug.cgi?id=1863863
USN-6562-1		https://usn.ubuntu.com/6562-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6867.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:50:04Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1863863

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:50:04Z/ Found at https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6867

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:50:04Z/ Found at https://security.gentoo.org/glsa/202401-10

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:50:04Z/ Found at https://www.debian.org/security/2023/dsa-5581

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:50:04Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-54/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T18:50:04Z/ Found at https://www.mozilla.org/security/advisories/mfsa2023-56/

Exploit Prediction Scoring System (EPSS)

Percentile	0.7214
EPSS Score	0.00749
Published At	Aug. 8, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:32.712273+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2023/mfsa2023-54.yml	37.0.0