CVE-2024-1549

Summary

If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 123affected
MozillaFirefox ESRunspecified < 115.8affected
MozillaThunderbirdunspecified < 115.8affected

Weaknesses

  • Custom cursor could obscure the permission dialog

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References