CVE-2023-5721
First published: Tue Oct 24 2023(Updated: )
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | <115.4.1 | 115.4.1 |
| Mozilla Firefox ESR | <115.4 | 115.4 |
| redhat/firefox | <115.4 | 115.4 |
| redhat/thunderbird | <115.4.1 | 115.4.1 |
| Mozilla Firefox | <119 | 119 |
| Mozilla Firefox | <119.0 | |
| Mozilla Firefox ESR | <115.4 | |
| Mozilla Thunderbird | <115.4.1 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| debian/firefox | 130.0-2 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 115.15.0esr-1~deb11u1 115.14.0esr-1~deb12u1 115.15.0esr-1~deb12u1 115.15.0esr-1 | |
| debian/thunderbird | 1:115.12.0-1~deb11u1 1:115.15.0-1~deb11u1 1:115.12.0-1~deb12u1 1:115.15.0-1~deb12u1 1:128.2.0esr-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1830820
- https://www.mozilla.org/security/advisories/mfsa2023-45/
- https://www.mozilla.org/security/advisories/mfsa2023-46/
- https://www.mozilla.org/security/advisories/mfsa2023-47/
- https://www.debian.org/security/2023/dsa-5535
- https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html
- https://www.debian.org/security/2023/dsa-5538
- https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html
- https://launchpad.net/bugs/cve/CVE-2023-5721
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721
- https://access.redhat.com/errata/RHSA-2023:6162
- https://access.redhat.com/errata/RHSA-2023:6185
- https://access.redhat.com/errata/RHSA-2023:6188
- https://access.redhat.com/errata/RHSA-2023:6186
- https://access.redhat.com/errata/RHSA-2023:6189
- https://access.redhat.com/errata/RHSA-2023:6187
- https://access.redhat.com/errata/RHSA-2023:6191
- https://access.redhat.com/errata/RHSA-2023:6193
- https://access.redhat.com/errata/RHSA-2023:6194
- https://access.redhat.com/errata/RHSA-2023:6197
- https://access.redhat.com/errata/RHSA-2023:6198
- https://access.redhat.com/errata/RHSA-2023:6195
- https://access.redhat.com/errata/RHSA-2023:6199
- https://access.redhat.com/errata/RHSA-2023:6196
- https://bugzilla.redhat.com/show_bug.cgi?id=2245896
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5721
- https://nvd.nist.gov/vuln/detail/CVE-2023-5721
- https://security-tracker.debian.org/tracker/CVE-2023-5721
- https://ubuntu.com/security/CVE-2023-5721
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5721
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-5721.
What is the title of the vulnerability?
The title of the vulnerability is 'It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally…'
How does the vulnerability occur?
The vulnerability occurs due to an insufficient activation-delay for certain browser prompts and dialogs.
Which software products are affected by this vulnerability?
The Mozilla Firefox versions up to 119 and Mozilla Firefox ESR versions up to 115.4 are affected.
What is the severity level of this vulnerability?
The severity level of this vulnerability is high with a severity value of 7 on a scale of 1-10.
- agent/author
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-5721
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/weakness
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/tags
- agent/softwarecombine
- agent/event
- agent/description
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox esr
- package-manager/redhat
- canonical/mozilla firefox
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- package-manager/debian