CVE-2024-2609

Summary

The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 124affected
MozillaFirefox ESRunspecified < 115.10affected
MozillaThunderbirdunspecified < 115.10affected

Weaknesses

  • Permission prompt input delay could expire when not in focus

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References