First published: Tue Dec 19 2023(Updated: )
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/firefox | <115.6 | 115.6 |
redhat/thunderbird | <115.6 | 115.6 |
Mozilla Firefox ESR | <115.6 | 115.6 |
Mozilla Firefox | <121 | 121 |
Mozilla Firefox | <121.0 | |
Mozilla Firefox ESR | <115.6 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Debian Debian Linux | =12.0 | |
ubuntu/firefox | <121.0+ | 121.0+ |
debian/firefox | 125.0.3-1 | |
debian/firefox-esr | <=91.12.0esr-1~deb10u1 | 115.10.0esr-1~deb10u1 115.7.0esr-1~deb11u1 115.10.0esr-1~deb11u1 115.7.0esr-1~deb12u1 115.10.0esr-1~deb12u1 115.10.0esr-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)