CVE-2024-2609

2024-03-1912:15:08

Debian Security Bug Tracker

security-tracker.debian.org

permission prompt

input delay

vulnerability

firefox

clickjacking

malicious websites

unix

5.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.

OSVersionArchitecturePackageVersionFilename
Debian999allfirefox< 124.0-1firefox_124.0-1_all.deb
Debian12allfirefox-esr< 115.10.0esr-1~deb12u1firefox-esr_115.10.0esr-1~deb12u1_all.deb
Debian11allfirefox-esr< 115.10.0esr-1~deb11u1firefox-esr_115.10.0esr-1~deb11u1_all.deb
Debian999allfirefox-esr< 115.10.0esr-1firefox-esr_115.10.0esr-1_all.deb
Debian13allfirefox-esr< 115.10.0esr-1firefox-esr_115.10.0esr-1_all.deb
Debian12allthunderbird< 1:115.10.1-1~deb12u1thunderbird_1:115.10.1-1~deb12u1_all.deb
Debian11allthunderbird< 1:115.10.1-1~deb11u1thunderbird_1:115.10.1-1~deb11u1_all.deb
Debian999allthunderbird< 1:115.10.1-1thunderbird_1:115.10.1-1_all.deb
Debian13allthunderbird< 1:115.10.1-1thunderbird_1:115.10.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	firefox	< 124.0-1	firefox_124.0-1_all.deb
Debian	12	all	firefox-esr	< 115.10.0esr-1~deb12u1	firefox-esr_115.10.0esr-1~deb12u1_all.deb
Debian	11	all	firefox-esr	< 115.10.0esr-1~deb11u1	firefox-esr_115.10.0esr-1~deb11u1_all.deb
Debian	999	all	firefox-esr	< 115.10.0esr-1	firefox-esr_115.10.0esr-1_all.deb
Debian	13	all	firefox-esr	< 115.10.0esr-1	firefox-esr_115.10.0esr-1_all.deb
Debian	12	all	thunderbird	< 1:115.10.1-1~deb12u1	thunderbird_1:115.10.1-1~deb12u1_all.deb
Debian	11	all	thunderbird	< 1:115.10.1-1~deb11u1	thunderbird_1:115.10.1-1~deb11u1_all.deb
Debian	999	all	thunderbird	< 1:115.10.1-1	thunderbird_1:115.10.1-1_all.deb
Debian	13	all	thunderbird	< 1:115.10.1-1	thunderbird_1:115.10.1-1_all.deb