AI Score
Confidence
Low
EPSS
Percentile
16.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a <select>
element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.
[
{
"cpes": [
"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
],
"vendor": "mozilla",
"product": "firefox",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "128",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"
],
"vendor": "mozilla",
"product": "thunderbird",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "128",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]