CVE-2023-6869

{"id": "CVE-2023-6869", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-12-19T14:15:08.040", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1799036", "tags": ["Issue Tracking", "Permissions Required"], "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/202401-10", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A `&lt;dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121."}, {"lang": "es", "value": "Un elemento `&lt;dialog&gt;` podr\u00eda haber sido manipulado para pintar contenido fuera de un iframe en la sandbox. Esto podr\u00eda permitir que se muestre contenido que no es de confianza bajo la apariencia de contenido confiable. Esta vulnerabilidad afecta a Firefox &lt; 121."}], "lastModified": "2024-02-02T02:29:05.143", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919", "versionEndExcluding": "121.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}