Insecure Loading of Content in Pop-ups: Firefox < 120 Vulnerability

Insecure Loading of Content in Pop-ups: Firefox < 120 Vulnerability

CVE-2023-6210 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.

Learn more about our Web App Pen Testing.