Main Vulnerability Database Vulnerabilities #VU94621

#VU94621 Insufficient UI Warning of Dangerous Operations in Firefox for Android and Mozilla Firefox - CVE-2024-6608

Published: July 21, 2024

Vulnerability identifier: #VU94621

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-6608

CWE-ID: CWE-357

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Firefox for Android
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error when handling cursor and pointerlock. It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2024-29/

#VU94621 Insufficient UI Warning of Dangerous Operations in Firefox for Android and Mozilla Firefox - CVE-2024-6608

Description

Remediation

External links

Please verify you're human