CVE-2024-6608

Published: Jul 9, 2024Modified: Mar 25, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.

Affected (2)

Products: Mozilla: Firefox, Thunderbird

Mozilla

2 products

Firefox

Thunderbird

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 128.0
Mozilla Thunderbird	Before 128.0

References (6)

https://bugzilla.mozilla.org/show_bug.cgi?id=1743329

Source: security@mozilla.org

Issue Tracking

https://www.mozilla.org/security/advisories/mfsa2024-29/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-32/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1743329

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://www.mozilla.org/security/advisories/mfsa2024-29/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-32/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.