CVE Published: 09/07/2024 |
CVE Updated: 12/09/2024 |
CVE Year: 2024 Source: mozilla |
Vendor: Mozilla |
Product: Firefox Status : PUBLISHED
CVE-2024-6607 Description
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.