{"id":"CVE-2023-28164","details":"Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9.","modified":"2026-03-15T22:46:38.234444Z","published":"2023-06-02T17:15:12.253Z","related":["ALSA-2023:1336","ALSA-2023:1337","ALSA-2023:1403","ALSA-2023:1407","MGASA-2023-0111","MGASA-2023-0116","SUSE-SU-2023:0728-1","SUSE-SU-2023:0763-1","SUSE-SU-2023:0835-1","SUSE-SU-2023:1736-1","openSUSE-SU-2024:12786-1","openSUSE-SU-2024:12791-1","openSUSE-SU-2024:12839-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-09/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-10/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-11/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1809122"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"111.0"}]},{"events":[{"introduced":"0"},{"fixed":"102.9"}]},{"events":[{"introduced":"0"},{"fixed":"102.9"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28164.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}