Vulnerabilities > CVE-2024-1550 - Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
mozilla
debian
CWE-1021
NVD
Published: 2024-02-20
Updated: 2024-12-10

Summary

A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Vulnerable Configurations

Part Description Count
Application
Mozilla
827
OS
Debian
1

Common Weakness Enumeration (CWE)

References