CVE-2024-6608Mozilla Firefox vulnerability

10 documents8 sources
Severity
4.3MEDIUMNVD
OSV4.7
EPSS
0.1%
top 68.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Thunderbird
Timeline
PublishedJul 9
Latest updateJul 10

Description

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

CVEListV5mozilla/firefoxunspecified128
NVDmozilla/firefox< 128.0
Ubuntumozilla/firefox< 128.0+build2-0ubuntu0.20.04.1
CVEListV5mozilla/thunderbirdunspecified128
NVDmozilla/thunderbird< 128.0

🔴Vulnerability Details

4
OSV
firefox vulnerabilities2024-07-10
OSV
CVE-2024-6608: It was possible to move the cursor using pointerlock from an iframe2024-07-10
GHSA
GHSA-vr96-9xq4-q4jp: It was possible to move the cursor using pointerlock from an iframe2024-07-09
CVEList
Cursor could be moved out of the viewport using pointerlock.2024-07-09

📋Vendor Advisories

5
Ubuntu
Firefox vulnerabilities2024-07-10
Microsoft
It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunder2024-07-09
Debian
CVE-2024-6608: firefox - It was possible to move the cursor using pointerlock from an iframe. This allowe...2024
Mozilla
Mozilla Foundation Security Advisory 2024-29: CVE-2024-6608
Mozilla
Mozilla Foundation Security Advisory 2024-32: CVE-2024-6608
CVE-2024-6608 — Mozilla Firefox vulnerability | cvebase