{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-6211", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2023-11-20T13:33:41.215Z", "datePublished": "2023-11-21T14:28:54.446Z", "dateUpdated": "2023-11-21T14:28:54.446Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "120", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120."}]}], "problemTypes": [{"descriptions": [{"description": "Clickjacking to load insecure pages in HTTPS-only mode", "lang": "en", "type": "text"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850200"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-49/"}, {"url": "https://security.gentoo.org/glsa/202401-10"}], "credits": [{"lang": "en", "value": "Muneaki Nishimura"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-11-21T14:28:54.446Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "30F5F1B5-825D-4DC4-A6F0-ED5AD1B031F2", "versionEndExcluding": "120.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120."}, {"lang": "es", "value": "Si un atacante necesitaba que un usuario cargara una p\u00e1gina http: insegura y sab\u00eda que el usuario hab\u00eda habilitado el modo solo HTTPS, el atacante podr\u00eda haber enga\u00f1ado al usuario para que hiciera clic para otorgar una excepci\u00f3n solo HTTPS si pudiera lograr que el usuario participara en una juego de clics. Esta vulnerabilidad afecta a Firefox &lt; 120."}], "id": "CVE-2023-6211", "lastModified": "2024-01-07T11:15:14.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-21T15:15:08.057", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1850200"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/202401-10"}, {"source": "security@mozilla.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2023-49/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}