CVE-2023-28164
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jun 2, 2023
Updated: Jan 9, 2025
CWE ID 346
Summary
CVE-2023-28164 is a vulnerability that arises when users drag a URL from a cross-origin iframe that has been removed during the drag-and-drop process. This issue can lead to user confusion and potential website spoofing attacks. Notably, Firefox versions below 111, Firefox ESR below 102.9, and Thunderbird below 102.9 are affected by this vulnerability. Users are advised to update their browsers to mitigate the risk of falling victim to such attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share