CVE-2023-32207

Summary

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 113affected
MozillaFirefox ESRunspecified < 102.11affected
MozillaThunderbirdunspecified < 102.11affected

Weaknesses

  • Potential permissions request bypass via clickjacking

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References