exploitDog

CVE-2023-6206

Published: 21 Nov 2023
Source: debian
EPSS: Low

Description

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| firefox | fixed | 120.0-1 | | package |
| firefox-esr | fixed | 115.5.0esr-1 | | package |
| thunderbird | fixed | 1:115.5.0-1 | | package |

Notes

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6206

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6206

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6206

EPSS

Percentile: 65%
0.00502
Low

Related vulnerabilities

CVSS3: 5.4
ubuntu
more than 1 year ago

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

CVSS3: 7.5
redhat
more than 1 year ago

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

CVSS3: 5.4
nvd
more than 1 year ago

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

CVSS3: 5.4
github
more than 1 year ago

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

CVSS3: 7.5
fstec
more than 1 year ago

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ полноэкранного Ρ€Π΅ΠΆΠΈΠΌΠ° Π±Ρ€Π°ΡƒΠ·Π΅Ρ€ΠΎΠ² Firefox ΠΈ Firefox ESR ΠΈ ΠΏΠΎΡ‡Ρ‚ΠΎΠ²ΠΎΠ³ΠΎ ΠΊΠ»ΠΈΠ΅Π½Ρ‚Π° Thunderbird, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚Π΅Π»ΡŽ провСсти Π°Ρ‚Π°ΠΊΡƒ Ρ‚ΠΈΠΏΠ° clickjacking (Β«Π·Π°Ρ…Π²Π°Ρ‚ ΠΊΠ»ΠΈΠΊΠ°Β»)
