CVE-2024-6607

CVSS v3.1 8.8 (High)

EPSS 0.04 % (16^th)

Advisories 5

NVD Status Awaiting Analysis

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a <select> element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.

Weaknesses

CWE-763: Release of Invalid Pointer or Reference

CVE Status: PUBLISHED
NVD Status: Awaiting Analysis
CNA: Mozilla Corporation
Published Date: 2024-07-09 15:15:12
(2 months ago)
Updated Date: 2024-08-01 14:00:30
(6 weeks ago)