CVE-2023-6870 — UI Misrepresentation / Clickjacking in Mozilla Firefox
Severity
5.3 MEDIUM NVD
NVD 4.3 | CNA 4.3 | OSV 4.3
EPSS
0.7%
top 28.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 19
Latest update: Sep 3
Description
Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox.
*This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4
Affected Packages: 2 packages
🔴 Vulnerability Details (6)
OSV
CVE-2024-8388: Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mod (2024-09-03)
CVEList
CVE-2024-8388: Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mod (2024-09-03)
GHSA
GHSA-j755-mmjr-g7rh: Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mod (2024-09-03)
CVEList
CVE-2023-6870: Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox (2023-12-19)
OSV
CVE-2023-6870: Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox (2023-12-19)