Search for vulnerabilities
Vulnerability details: VCID-uzba-99mh-aaac
Vulnerability ID VCID-uzba-99mh-aaac
Aliases CVE-2023-6867
Summary The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1021 Improper Restriction of Rendered UI Layers or Frames
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6867.json
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00579 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.00813 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
epss 0.01118 https://api.first.org/data/v1/epss?cve=CVE-2023-6867
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-6867
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-6867
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-54
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2023-56
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6867.json
https://api.first.org/data/v1/epss?cve=CVE-2023-6867
https://bugzilla.mozilla.org/show_bug.cgi?id=1863863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6867
https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html
https://www.debian.org/security/2023/dsa-5581
https://www.mozilla.org/security/advisories/mfsa2023-54/
https://www.mozilla.org/security/advisories/mfsa2023-56/
2255366 https://bugzilla.redhat.com/show_bug.cgi?id=2255366
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-6867 https://nvd.nist.gov/vuln/detail/CVE-2023-6867
GLSA-202401-10 https://security.gentoo.org/glsa/202401-10
mfsa2023-54 https://www.mozilla.org/en-US/security/advisories/mfsa2023-54
mfsa2023-56 https://www.mozilla.org/en-US/security/advisories/mfsa2023-56
RHSA-2024:0011 https://access.redhat.com/errata/RHSA-2024:0011
RHSA-2024:0012 https://access.redhat.com/errata/RHSA-2024:0012
RHSA-2024:0019 https://access.redhat.com/errata/RHSA-2024:0019
RHSA-2024:0021 https://access.redhat.com/errata/RHSA-2024:0021
RHSA-2024:0022 https://access.redhat.com/errata/RHSA-2024:0022
RHSA-2024:0023 https://access.redhat.com/errata/RHSA-2024:0023
RHSA-2024:0024 https://access.redhat.com/errata/RHSA-2024:0024
RHSA-2024:0025 https://access.redhat.com/errata/RHSA-2024:0025
RHSA-2024:0026 https://access.redhat.com/errata/RHSA-2024:0026
USN-6562-1 https://usn.ubuntu.com/6562-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6867.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6867
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6867
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.22000
EPSS Score 0.00053
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-03T17:14:55.498676+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-6867 34.0.0rc1