CVE-2023-6211UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021UI Misrepresentation / Clickjacking10 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 66.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedNov 21
Latest updateDec 4

Description

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5mozilla/firefoxunspecified120
NVDmozilla/firefox< 120.0
Ubuntumozilla/firefox< 120.0+build2-0ubuntu0.20.04.1+1

🔴Vulnerability Details

5
OSV
firefox regressions2023-12-04
OSV
firefox vulnerabilities2023-11-23
GHSA
GHSA-mv6j-qcrj-q856: If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user i2023-11-21
OSV
CVE-2023-6211: If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user i2023-11-21
CVEList
CVE-2023-6211: If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user i2023-11-21

📋Vendor Advisories

4
Ubuntu
Firefox regressions2023-12-04
Ubuntu
Firefox vulnerabilities2023-11-23
Debian
CVE-2023-6211: firefox - If an attacker needed a user to load an insecure http: page and knew that user h...2023
Mozilla
Mozilla Foundation Security Advisory 2023-49: CVE-2023-6211
CVE-2023-6211 — UI Misrepresentation / Clickjacking | cvebase