The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1857430 | Issue Tracking Permissions Required |
https://lists.debian.org/debian-lts-announce/2023/11/msg00017.html | Mailing List |
https://lists.debian.org/debian-lts-announce/2023/11/msg00030.html | |
https://www.debian.org/security/2023/dsa-5561 | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-49/ | Release Notes Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-50/ | Release Notes Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2023-52/ | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2023-11-21T14:28:52.832Z
Updated: 2023-11-22T16:46:26.360Z
Reserved: 2023-11-20T13:33:29.870Z
Link: CVE-2023-6206
JSON object: View
NVD Information
Status : Modified
Published: 2023-11-21T15:15:07.787
Modified: 2023-11-30T16:15:10.940
Link: CVE-2023-6206
JSON object: View
Redhat Information
No data.
CWE