CVE-2024-6605: Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128.

CVE-2024-26861 [MEDIUM] CWE-362 kernel: wireguard: receive: annotate data-race around receiving_counter.counter kernel: wireguard: receive: annotate data-race around receiving_counter.counter In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receiving_counter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE() annotations to mark the data race as intentional. BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0: counter_validate drivers/net/wireguard/receive.c:321 [inline] wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461 __napi_poll+0x60/0x3b0 net/core/dev.c:6536 napi_poll net/core/dev.c:6605 [inline] net_rx_action+0x32b/0x750 net/core/dev.c:6738 __do_so

CVE-2024-6605 [HIGH] CVE-2024-6605: firefox - Firefox Android allowed immediate interaction with permission prompts. This coul... Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128. Scope: local sid: resolved

CVE-2024-6605 [HIGH] Mozilla Foundation Security Advisory 2024-29: CVE-2024-6605 Mozilla Foundation Security Advisory 2024-29 CVE: CVE-2024-6605 Product: Firefox Impact: high Fixed in: Firefox 128

CVE-2024-6605 [HIGH] CWE-277 GHSA-cpfv-mr66-74v6: Firefox Android allowed immediate interaction with permission prompts Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128.

Potential Clickjacking Attack Exploiting Web API Permissions Granting on Mobile Browser Potential Clickjacking Attack Exploiting Web API Permissions Granting on Mobile Browser Created attachment 9376713 Clickjacking Potential.mp4 I have identified a vulnerability within Firefox mobile browser version 122.0 (Build 2015998391), where an attacker can exploit clickjacking to gain permission access to a mobile phone user's device. In my demonstration, I have created two files to illustrate the clickjacking scenario. To replicate the issue, please follow these steps: 1. Download both HTML files provided and ensure they are stored in the same directory on your web server. 2. Open the 'download.html' file. 3. Follow the instructions outlined on the page. Actual Outcome: Upon closing the second tab, there exists a potential for clickjacking to occur, granting unauthorized permissi