CVE-2024-6605: Insecure Inherited Permissions in Mozilla Firefox

Severity
8.8 HIGH (NVD)
EPSS
0.6%
top 31.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 9

Description

Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | mozilla/firefox | unspecified | 128
NVD | mozilla/firefox | < 128.0

🔴 Vulnerability Details (2)

CVEList
Firefox Android missed activation delay to prevent tapjacking (2024-07-09)
GHSA
GHSA-cpfv-mr66-74v6: Firefox Android allowed immediate interaction with permission prompts (2024-07-09)

📋 Vendor Advisories (3)

Red Hat
kernel: wireguard: receive: annotate data-race around receiving_counter.counter (2024-04-17)
Debian
CVE-2024-6605: firefox - Firefox Android allowed immediate interaction with permission prompts. This coul... (2024)
Mozilla
Mozilla Foundation Security Advisory 2024-29: CVE-2024-6605

💬 Community (1)

Bugzilla
Potential Clickjacking Attack Exploiting Web API Permissions Granting on Mobile Browser (2024-01-26)