It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | 3.20-community | noarch | firefox | = 126.0.1-r0 | UNKNOWN |
Alpine | 3.20-community | noarch | thunderbird | = 115.11.0-r0 | UNKNOWN |