Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-1550
HistoryFeb 20, 2024 - 12:00 a.m.

CVE-2024-1550

2024-02-2000:00:00
ubuntu.com
ubuntu.com
10
cve-2024-1550
malicious website
fullscreen mode
requestpointerlock
mouse repositioning
user confusion
unauthorized permissions
firefox
thunderbird

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

A malicious website could have used a combination of exiting fullscreen
mode and requestPointerLock to cause the user’s mouse to be re-positioned
unexpectedly, which could have led to user confusion and inadvertently
granting permissions they did not intend to grant. This vulnerability
affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Notes

Author Note
tyhicks mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap