Vulnerabilities > CVE-2023-6211 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1850200
- https://bugzilla.mozilla.org/show_bug.cgi?id=1850200
- https://security.gentoo.org/glsa/202401-10
- https://security.gentoo.org/glsa/202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-49/
- https://www.mozilla.org/security/advisories/mfsa2023-49/