CVE-2023-6206
Published: 21 November 2023
Summary
CVE-2023-6206 is a medium-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in Debian Linux. Its CVSS base score is 5.4 (Medium).
Operationally, it is ranked in the top 37.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58453
Vulnerability details
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.