Unrated severityNVD Advisory· Published Nov 21, 2023· Updated Feb 13, 2025
CVE-2023-6206
CVE-2023-6206
Description
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Affected products
38- osv-coords35 versionspkg:rpm/almalinux/firefoxpkg:rpm/almalinux/firefox-x11pkg:rpm/almalinux/thunderbirdpkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5
< 115.5.0-1.el9_3.alma.1+ 34 more
- (no CPE)range: < 115.5.0-1.el9_3.alma.1
- (no CPE)range: < 115.5.0-1.el9_3.alma.1
- (no CPE)range: < 115.5.0-1.el8_9.alma.1
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 120.0-1.1
- (no CPE)range: < 115.5.0-150200.8.139.1
- (no CPE)range: < 115.5.0-150200.8.139.1
- (no CPE)range: < 115.5.0-1.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150000.150.119.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-112.194.1
- (no CPE)range: < 115.6.0-150000.150.119.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-112.194.1
- (no CPE)range: < 115.6.0-150000.150.119.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-150200.152.120.1
- (no CPE)range: < 115.6.0-112.194.1
- (no CPE)range: < 115.5.0-150200.8.139.1
- (no CPE)range: < 115.5.0-150200.8.139.1
- (no CPE)range: < 115.5.0-150200.8.139.1
- (no CPE)range: < 115.5.0-150200.8.139.1
- Range: unspecified
- Range: unspecified
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- bugzilla.mozilla.org/show_bug.cgimitre
- lists.debian.org/debian-lts-announce/2023/11/msg00017.htmlmitre
- lists.debian.org/debian-lts-announce/2023/11/msg00030.htmlmitre
- www.debian.org/security/2023/dsa-5561mitre
- www.mozilla.org/security/advisories/mfsa2023-49/mitre
- www.mozilla.org/security/advisories/mfsa2023-50/mitre
- www.mozilla.org/security/advisories/mfsa2023-52/mitre
News mentions
0No linked articles in our index yet.