Description
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
Problem types
Potential permissions request bypass via clickjacking
Product status
Credits
Axel Chong (@Haxatron)
References
bugzilla.mozilla.org/show_bug.cgi?id=1839073
www.mozilla.org/security/advisories/mfsa2023-29/
www.mozilla.org/security/advisories/mfsa2023-30/
www.mozilla.org/security/advisories/mfsa2023-31/
www.debian.org/security/2023/dsa-5464
www.debian.org/security/2023/dsa-5469
lists.debian.org/debian-lts-announce/2023/08/msg00008.html
lists.debian.org/debian-lts-announce/2023/08/msg00010.html
