It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Sep 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Mozilla
Mozilla firefox Mozilla thunderbird |
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2024-07-09T14:25:58.566Z
Updated: 2024-09-12T15:48:03.646Z
Reserved: 2024-07-09T14:12:56.881Z
Link: CVE-2024-6607
Vulnrichment
Updated: 2024-08-01T21:41:03.973Z
NVD
Status : Awaiting Analysis
Published: 2024-07-09T15:15:12.790
Modified: 2024-11-21T09:49:59.050
Link: CVE-2024-6607
Redhat
No data.