CVE-2023-6210

Summary

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 120affected

Weaknesses

  • Mixed-content resources not blocked in a javascript: pop-up

ADP Enrichment

CVE Program Container

Additional References

References