Main Vulnerability Database Vulnerabilities #VU94621

Insufficient UI Warning of Dangerous Operations in Firefox for Android and Mozilla Firefox - CVE-2024-6608

Published: July 21, 2024

Vulnerability identifier: #VU94621

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-6608

CWE-ID: CWE-357

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Firefox for Android
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error when handling cursor and pointerlock. It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window.

How to mitigate CVE-2024-6608

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/

Insufficient UI Warning of Dangerous Operations in Firefox for Android and Mozilla Firefox - CVE-2024-6608

Detailed vulnerability description

How to mitigate CVE-2024-6608

Sources

Please verify you're human