CVE-2023-6867
Published: 19 December 2023
Summary
CVE-2023-6867 is a medium-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in Debian Linux. Its CVSS base score is 6.1 (Medium).
Operationally, it is ranked in the top 24.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-59071
Vulnerability details
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.