It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `&lt;select&gt;` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.
History

Fri, 06 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2024-07-09T14:25:58.566Z

Updated: 2024-09-12T15:48:03.646Z

Reserved: 2024-07-09T14:12:56.881Z

Link: CVE-2024-6607

cve-icon Vulnrichment

Updated: 2024-08-01T21:41:03.973Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-09T15:15:12.790

Modified: 2024-11-21T09:49:59.050

Link: CVE-2024-6607

cve-icon Redhat

No data.