CVE-2023-6206: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact…

[MEDIUM] Firefox regressions Title: Firefox regressions Summary: USN-6509-1 caused some minor regressions in Firefox. USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213) It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitiv

CVE-2023-6206 [MEDIUM] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6212) It was discovered that Thudnerbird did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2023-6204) It discovered that Thunderbird incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit thi

CVE-2023-6207 [MEDIUM] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213) It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2023-6204) It discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of ser

CVE-2023-6206 [MEDIUM] CWE-1021 Mozilla: Clickjacking permission prompts using the fullscreen transition Mozilla: Clickjacking permission prompts using the fullscreen transition The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. The Mozilla Foundation Security Advisory describes this flaw as: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. Statement: Red Hat Product Security rates the sev

CVE-2023-6206 [MEDIUM] CVE-2023-6206: firefox - The black fade animation when exiting fullscreen is roughly the length of the an... The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Scope: local sid: resolved (fixed in 120.0-1)

CVE-2023-6206 [MEDIUM] Mozilla Foundation Security Advisory 2023-49: CVE-2023-6206 Mozilla Foundation Security Advisory 2023-49 CVE: CVE-2023-6206 Product: Firefox Impact: high Fixed in: Firefox 120

CVE-2023-6206 [MEDIUM] Mozilla Foundation Security Advisory 2023-52: CVE-2023-6206 Mozilla Foundation Security Advisory 2023-52 CVE: CVE-2023-6206 Product: Thunderbird Impact: high Fixed in: Thunderbird 115.5

CVE-2023-6206 [MEDIUM] Mozilla Foundation Security Advisory 2023-50: CVE-2023-6206 Mozilla Foundation Security Advisory 2023-50 CVE: CVE-2023-6206 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 115.5

CVE-2023-6206 [MEDIUM] firefox regressions firefox regressions USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213) It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2023-6204) It discovered that Firefox incorrectly

CVE-2023-6206 [MEDIUM] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6212) It was discovered that Thudnerbird did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2023-6204) It discovered that Thunderbird incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2023-6205) It discovered

CVE-2023-6206 [MEDIUM] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-6206, CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213) It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. (CVE-2023-6204) It discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2023-6205) It discovered that Firefox incorrectly di

CVE-2023-6206 [MEDIUM] CVE-2023-6206: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

CVE-2023-6206 [MEDIUM] CWE-1021 GHSA-68m9-mw54-x3jx: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

[MEDIUM] PopupNotifications clickjacking by obscuring notification via full screen exit transition PopupNotifications clickjacking by obscuring notification via full screen exit transition Created attachment 9364822 test.html By combining techniques from https://bugzilla.mozilla.org/show_bug.cgi?id=1839073 and https://bugzilla.mozilla.org/show_bug.cgi?id=1857430, possible to bypass fullscreen. STR 0. For better verification, increase security.notification_enable_delay in about:config to 1000. 1. Open test.html 2. Hover over button and spam click. 3. The prompt is accepted instantaneously after a fullscreen transition without enablement delay of 1000ms Hypothesis: In this patch we reset the timeShown of https://hg.mozilla.org/mozilla-central/rev/75b8d8d5ea21 when window containing prompt gains focus. Therefore, I think any modifications to the timeShown variable in the fullscreen pat