[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

Clickjacking permission prompts using the fullscreen transition - CVE-2023-6206

ID: oval:org.secpod.oval:def:94710Date: (C)2023-11-22   (M)2024-01-08
Class: VULNERABILITYFamily: macos




Mozilla Firefox 120.0, Mozilla Firefox ESR 115.5 or Mozilla Thunderbird 115.5.0 : The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear.

Platform:
Apple Mac OS 14
Apple Mac OS 13
Apple Mac OS 12
Apple Mac OS 11
Apple Mac OS X 10.15
Apple Mac OS X 10.14
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Apple Mac OS X 10.13
Product:
Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird
Reference:
CVE-2023-6206
CVE    1
CVE-2023-6206

© SecPod Technologies