CVE-2023-32207

8.8 HIGH

📋 TL;DR

A missing delay in popup notifications in Firefox, Firefox ESR, and Thunderbird lets a malicious page land a user's click on the "Allow" button of a permission prompt before the user has had time to read it (a clickjacking-style bypass of the prompt's security delay). Anyone running a build older than the fixed releases is affected. An attacker can use this to obtain permissions such as location, camera, microphone, or notifications without informed consent.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 113, Firefox ESR < 102.11, Thunderbird < 102.11
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special settings required for exploitation.

📦 What is this software?

Firefox is Mozilla's web browser; Firefox ESR is its extended-support release line (the 102.x train at the time of this advisory), updated less often and common in managed environments. Thunderbird is Mozilla's email and calendar client, built on the same Gecko toolkit and sharing the popup-notification code that carries this bug, which is why all three products are affected and patched together.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A user is tricked into persistently granting camera, microphone, location or notification access to an attacker-controlled site. The attacker can then capture audio and video, track the user's location and push spam or phishing notifications for as long as the grant stands, with no further prompt. The bug does not by itself execute code or escape the browser sandbox; it is a consent bypass, not a memory-safety flaw.

🟠

Likely Case

Attackers use malicious websites to trick users into granting permissions like location access, camera/microphone access, or notification permissions without proper user awareness.

🟢

If Mitigated

Once the fixed version is installed the delay is enforced again and the attack no longer works. The residual risk is the ordinary one of a user knowingly clicking Allow on a prompt they did not read, which awareness training and block-by-default permission settings address.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction: the victim must visit the attacker's page and click on it, and the page arranges for that click to land on the prompt's Allow button. No credentials are needed and the technical barrier is low once the user is on the malicious site.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 113+, Firefox ESR 102.11+, Thunderbird 102.11+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2023-16/

Restart Required: Yes

Instructions:

1. Open Firefox or Thunderbird.
2. Open the menu → Help → About Firefox (or About Thunderbird).
3. Let the automatic update check run and install the update.
4. Restart the application when prompted; the fix is not active until the new binary is running.

Linux distribution packages (apt, dnf, snap, flatpak) do not update through the About dialog; update them with the package manager instead. Managed fleets should confirm the installed version with their inventory tooling rather than rely on users.

🔧 Temporary Workarounds

Block the permissions the prompt protects

Until the update is installed, stop the affected prompt from being shown at all by denying the prompt-gated permission types by default. The delay bypass only matters when a site can trigger a prompt; with the default set to block, no prompt appears and there is nothing to clickjack.

about:config → permissions.default.geo = 2
about:config → permissions.default.camera = 2
about:config → permissions.default.microphone = 2
about:config → permissions.default.desktop-notification = 2

(0 = ask, 1 = allow, 2 = block.) In Thunderbird the same preferences are set through Settings → General → Config Editor. Sites that genuinely need a capability can still be allowed individually from the site permissions panel. Enterprise deployments can enforce the same defaults centrally with the Firefox Permissions policy (policies.json or GPO) by setting BlockNewRequests for Camera, Microphone, Location and Notifications.

🧯 If You Can't Patch

  • Disable JavaScript for untrusted sites: a page needs script (getUserMedia, the Geolocation API, Notification.requestPermission) to trigger a permission prompt in the first place
  • Use a script- or permission-blocking extension, or the block-by-default preferences above, so that prompts are never shown for sites you have not explicitly allowed
  • Treat any permission prompt that appears while you are clicking on page content as suspect: close the tab rather than click through it

🔍 How to Verify

Check if Vulnerable:

Check the version in the About dialog (Help → About). A build is vulnerable if it is Firefox below 113, Firefox ESR below 102.11, or Thunderbird below 102.11. Compare ESR builds against 102.11, not 113: an ESR build such as 102.10.0esr reports a number far below 113 but is only one release short of its fix.

Check Version:

firefox --version or thunderbird --version (Linux and macOS; on macOS the binary is inside Firefox.app/Contents/MacOS). The output is a single line such as "Mozilla Firefox 102.10.0esr" or "Thunderbird 102.10.1". On Windows use the About dialog.

Verify Fix Applied:

Verify version is Firefox 113+, Firefox ESR 102.11+, or Thunderbird 102.11+ in About dialog.
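The version comparison from the check above, automated as an added example (not Mozilla tooling and not part of the original page). It assumes `firefox --version` prints lines such as "Mozilla Firefox 112.0.2" or "Mozilla Firefox 102.10.0esr" and `thunderbird --version` prints "Thunderbird 102.10.1", and it branches on the esr suffix, which is what ad-hoc checks usually get wrong: an ESR build reporting 102.11.0esr is patched even though it is numerically far below 113.

```python
"""Check whether a Mozilla build predates the CVE-2023-32207 fix (added example)."""
import re
import subprocess

# Fixed releases from MFSA 2023-16 / 2023-17 / 2023-18, keyed by (product, is_esr).
# Thunderbird's --version output carries no "esr" suffix; its 102.x train is
# compared against 102.11 directly.
FIXED = {
    ("firefox", False): (113, 0),
    ("firefox", True): (102, 11),
    ("thunderbird", False): (102, 11),
}

# Assumed output shapes: "Mozilla Firefox 112.0.2", "Mozilla Firefox 102.10.0esr",
# "Thunderbird 102.10.1". Beta/nightly strings such as "113.0b3" do not match.
_LINE_RE = re.compile(
    r"^(?:Mozilla )?(Firefox|Thunderbird)\s+(\d+)\.(\d+)(?:\.\d+)*([a-z]*)\s*$",
    re.IGNORECASE,
)


def parse_version_line(line):
    """Return (product, major, minor, is_esr) or None if the line is not recognised."""
    match = _LINE_RE.match(line.strip())
    if not match:
        return None
    product = match.group(1).lower()
    major, minor = int(match.group(2)), int(match.group(3))
    is_esr = match.group(4).lower() == "esr"
    return product, major, minor, is_esr


def is_vulnerable(line):
    """True if the build described by `line` is older than its fixed release.

    Raises ValueError for unrecognised input so that an unknown build is never
    silently reported as patched.
    """
    parsed = parse_version_line(line)
    if parsed is None:
        raise ValueError(f"unrecognised version line: {line!r}")
    product, major, minor, is_esr = parsed
    # Only Firefox distinguishes ESR in its version string.
    fixed = FIXED[(product, is_esr if product == "firefox" else False)]
    return (major, minor) < fixed


def check_installed(binary="firefox"):
    """Run `<binary> --version` on this host and return (version line, vulnerable?).

    Not exercised by the offline demo below; it needs the binary on PATH
    (on macOS use the path inside Firefox.app/Contents/MacOS).
    """
    out = subprocess.run([binary, "--version"], capture_output=True, text=True, check=True)
    line = out.stdout.strip()
    return line, is_vulnerable(line)


if __name__ == "__main__":
    # Constructed sample lines, not output captured from real hosts.
    for sample in (
        "Mozilla Firefox 112.0.2",
        "Mozilla Firefox 113.0",
        "Mozilla Firefox 102.10.0esr",
        "Mozilla Firefox 102.11.0esr",
        "Thunderbird 102.10.1",
        "Thunderbird 115.0",
    ):
        state = "VULNERABLE" if is_vulnerable(sample) else "patched"
        print(f"{sample:32} {state}")
```

`check_installed()` runs the binary on the local host; everything else works offline on the version string, so the same function can be pointed at inventory exports. Unrecognised strings raise rather than return False, so a beta or a renamed build shows up as "needs a look" instead of disappearing into the patched column.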

📡 Detection & Monitoring

Log Indicators:

Firefox and Thunderbird do not emit a permission-grant event log that a SIEM can ingest out of the box. Persistent grants are stored in the profile's permissions.sqlite (table moz_perms: origin, type, permission, modificationTime); session-only grants (a prompt answered without "Remember this decision") live only in memory and leave no row. With that state collected by an endpoint agent or a periodic profile audit, look for:

  • Several ALLOW grants within seconds of each other, especially to the same or related origins
  • Grants of geo, camera, microphone or desktop-notification to unfamiliar domains

Network Indicators:

  • Connections from the browser to known malicious domains, followed by use of the newly granted capability (for example WebRTC media streams) toward the same infrastructure

SIEM Query:

Assuming collected grants are indexed as source="browser_logs" with event_type="permission_grant" and user/domain fields (a constructed schema, not something the products produce themselves), a Splunk-style query for bursts is:

source="browser_logs" event_type="permission_grant"
| bin _time span=1m
| stats count dc(domain) AS domains values(domain) AS domain_list BY _time, user
| where count > 2
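The permissions.sqlite audit the indicators above call for, as an added example (not Mozilla code and not part of the original page). It assumes the moz_perms table layout used by current Firefox and Thunderbird profiles (origin, type, permission, expireType, expireTime, modificationTime in milliseconds; permission 1 = allow), the prompt-gated types geo, camera, microphone and desktop-notification, and a burst heuristic of grants to more than one origin inside a one-minute window; every row in the sample database is constructed for the demo.

```python
"""Audit a Firefox/Thunderbird permissions.sqlite for suspicious grants (added example)."""
import sqlite3
from datetime import datetime, timezone

ALLOW_ACTION = 1  # nsIPermissionManager ALLOW_ACTION; 2 = DENY, 3 = PROMPT
# Prompt-gated permission types an attacker could obtain through this bug.
SENSITIVE_TYPES = {"geo", "camera", "microphone", "desktop-notification"}


def load_grants(con):
    """Return persistent ALLOW rows for sensitive types as (origin, type, modificationTime_ms)."""
    rows = con.execute(
        "SELECT origin, type, modificationTime FROM moz_perms "
        "WHERE permission = ? ORDER BY modificationTime",
        (ALLOW_ACTION,),
    ).fetchall()
    return [row for row in rows if row[1] in SENSITIVE_TYPES]


def find_bursts(grants, window_ms=60_000, min_origins=2):
    """Cluster grants by time; report clusters touching >= min_origins distinct origins.

    A page abusing the missing delay typically harvests several permissions in
    quick succession, possibly across several of its origins, so a burst of
    grants to more than one origin inside one window is the signal; a single
    grant is indistinguishable from a legitimate click.
    """
    grants = sorted(grants, key=lambda row: row[2])
    bursts, i = [], 0
    while i < len(grants):
        start = grants[i][2]
        j = i
        while j < len(grants) and grants[j][2] - start <= window_ms:
            j += 1
        cluster = grants[i:j]
        origins = sorted({row[0] for row in cluster})
        if len(origins) >= min_origins:
            bursts.append({
                "start": datetime.fromtimestamp(start / 1000, tz=timezone.utc).isoformat(),
                "origins": origins,
                "types": sorted({row[1] for row in cluster}),
            })
        i = j
    return bursts


def audit_profile(db_path, window_ms=60_000, min_origins=2):
    """Open a (copied) permissions.sqlite read-only and return (grants, bursts)."""
    con = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        grants = load_grants(con)
    finally:
        con.close()
    return grants, find_bursts(grants, window_ms, min_origins)


def build_sample_db():
    """Build an in-memory look-alike of permissions.sqlite with constructed rows.

    The moz_perms columns are the real ones; every row is made up for the demo.
    """
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE moz_perms (id INTEGER PRIMARY KEY, origin TEXT, type TEXT, "
        "permission INTEGER, expireType INTEGER, expireTime INTEGER, modificationTime INTEGER)"
    )
    base = 1_683_000_000_000  # ms since epoch, early May 2023
    rows = [
        ("https://mail.example.com", "desktop-notification", 1, 0, 0, base - 86_400_000),  # old, legitimate
        ("https://evil-login.example", "geo", 1, 0, 0, base),                               # burst starts
        ("https://evil-login.example", "camera", 1, 0, 0, base + 3_000),
        ("https://cdn.evil-login.example", "microphone", 1, 0, 0, base + 7_000),            # sibling origin
        ("https://tracker.example", "cookie", 2, 0, 0, base + 8_000),                        # DENY, not a grant
        ("https://maps.example", "geo", 1, 0, 0, base + 3_600_000),                          # isolated grant
    ]
    con.executemany(
        "INSERT INTO moz_perms (origin, type, permission, expireType, expireTime, modificationTime) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        rows,
    )
    con.commit()
    return con


if __name__ == "__main__":
    con = build_sample_db()
    grants = load_grants(con)
    for burst in find_bursts(grants):
        print(f"{burst['start']}: {', '.join(burst['types'])} granted to {', '.join(burst['origins'])}")
```

Copy permissions.sqlite out of the profile before opening it (the application usually holds the file locked while running), and feed the resulting bursts into the SIEM as the permission_grant events the query above expects. Remember that session-only grants never reach the database, so an empty result does not prove no prompt was abused; it only clears the persistent ones.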

🔗 References

  • Mozilla Foundation Security Advisory 2023-16 (Firefox 113): https://www.mozilla.org/security/advisories/mfsa2023-16/
  • Mozilla Foundation Security Advisory 2023-17 (Firefox ESR 102.11): https://www.mozilla.org/security/advisories/mfsa2023-17/
  • Mozilla Foundation Security Advisory 2023-18 (Thunderbird 102.11): https://www.mozilla.org/security/advisories/mfsa2023-18/
  • NVD entry for CVE-2023-32207: https://nvd.nist.gov/vuln/detail/CVE-2023-32207
