Clickjacking permission prompts using the fullscreen transition - CVE-2023-6206ID: oval:org.secpod.oval:def:94710 | Date: (C)2023-11-22 (M)2024-01-08 |
Class: VULNERABILITY | Family: macos |
Mozilla Firefox 120.0, Mozilla Firefox ESR 115.5 or Mozilla Thunderbird 115.5.0 : The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Apple Mac OS X 10.13 |
Product: |
Mozilla Firefox |
Mozilla Firefox ESR |
Mozilla Thunderbird |