vulnerability
CentOS Linux: CVE-2023-6867: Important: firefox security update (CESA-2024:0026)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Dec 19, 2023 | Jan 3, 2024 | Jan 28, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Dec 19, 2023
Added
Jan 3, 2024
Modified
Jan 28, 2025
Description
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
Solutions
centos-upgrade-firefoxcentos-upgrade-firefox-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.