CVE-2024-1550

Summary

A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 123affected
MozillaFirefox ESRunspecified < 115.8affected
MozillaThunderbirdunspecified < 115.8affected

Weaknesses

  • Mouse cursor re-positioned unexpectedly could have led to unintended permission grants

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References