Lucene search

K

[email protected]NVD:CVE-2023-6208

HistoryNov 21, 2023 - 3:15 p.m.

CVE-2023-6208

2023-11-2115:15:07

[email protected]

web.nvd.nist.gov

4

cve-2023-6208

firefox

x11

selection api

vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.8%

When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard.
This bug only affects Firefox on X11. Other systems are unaffected. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Affected configurations

NVD

Node

mozillafirefoxRange<120.0

OR

mozillafirefox_esrRange<115.5.0

OR

mozillathunderbirdRange<115.5

Node

debiandebian_linuxMatch10.0

OR

debiandebian_linuxMatch11.0

OR

debiandebian_linuxMatch12.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1855345

lists.debian.org/debian-lts-announce/2023/11/msg00017.html

lists.debian.org/debian-lts-announce/2023/11/msg00030.html

www.debian.org/security/2023/dsa-5561

www.mozilla.org/security/advisories/mfsa2023-49/

www.mozilla.org/security/advisories/mfsa2023-50/

www.mozilla.org/security/advisories/mfsa2023-52/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.8%

Related for NVD:CVE-2023-6208

redhatcve1 veracode1 prion1 cvelist1 ubuntucve1 alpinelinux1 cve1 debiancve1 nessus61 mageia2 oraclelinux6 amazon1 osv12 debian4 openvas17 redhat20 mozilla3 almalinux4 kaspersky3 slackware2 ubuntu3 rocky1 gentoo1