CVE-2024-1550 — UI Misrepresentation / Clickjacking in Mozilla Firefox
Severity
NVD: 6.1 MEDIUM
OSV: 7.5
EPSS
0.2%
top 57.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 20
Latest update: Mar 6
Description
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7
Affected Packages: 7 packages
Also affects: Debian Linux 10.0
Vulnerability Details (6)
GHSA
GHSA-8q5j-74vg-j4hr: A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned un... (2024-02-20)
CVEList
CVE-2024-1550: A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned un... (2024-02-20)
Vendor Advisories (8)
Red Hat
Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (2024-02-20)
Microsoft
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion (2024-02-13)
Debian
CVE-2024-1550: firefox - A malicious website could have used a combination of exiting fullscreen mode and... (2024)