CVE-2024-6607

2024-07-0914:25:58

mozilla

www.cve.org

user confusion

pointerlock exit

customvalidity overlay

firefox

vulnerability

permission prompts

EPSS

Percentile

16.0%

JSON

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a <select> element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "128",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "128",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]