CVE-2023-6208 — UI Misrepresentation / Clickjacking in Mozilla Firefox
Severity
8.8HIGHNVD
EPSS
0.5%
top 36.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 21
Latest updateNov 27
Description
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard.
*This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages7 packages
Also affects: Debian Linux 10.0, 11.0, 12.0
🔴Vulnerability Details
3GHSA▶
GHSA-gvr6-g64h-9mj2: When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike th↗2023-11-21
CVEList▶
CVE-2023-6208: When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike th↗2023-11-21
OSV▶
CVE-2023-6208: When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike th↗2023-11-21
📋Vendor Advisories
7Debian▶
CVE-2023-6208: firefox - When using X11, text selected by the page using the Selection API was erroneousl...↗2023