CVE-2024-2609

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2609
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1866100
https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
https://www.mozilla.org/security/advisories/mfsa2024-12/
https://www.mozilla.org/security/advisories/mfsa2024-19/
https://www.mozilla.org/security/advisories/mfsa2024-20/
https://bugzilla.mozilla.org/show_bug.cgi?id=1866100
https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html
https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html
https://www.mozilla.org/security/advisories/mfsa2024-12/
https://www.mozilla.org/security/advisories/mfsa2024-19/
https://www.mozilla.org/security/advisories/mfsa2024-20/
Configurations

No configuration.

History

14 Mar 2025, 20:15

Type Values Removed Values Added
CWE CWE-356

21 Nov 2024, 09:10

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1866100 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1866100 -
References () https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html - () https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html -
References () https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html - () https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html -
References () https://www.mozilla.org/security/advisories/mfsa2024-12/ - () https://www.mozilla.org/security/advisories/mfsa2024-12/ -
References () https://www.mozilla.org/security/advisories/mfsa2024-19/ - () https://www.mozilla.org/security/advisories/mfsa2024-19/ -
References () https://www.mozilla.org/security/advisories/mfsa2024-20/ - () https://www.mozilla.org/security/advisories/mfsa2024-20/ -

28 Aug 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1

22 Apr 2024, 10:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html -

19 Apr 2024, 17:15

Type Values Removed Values Added
Summary (en) The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124 and Firefox ESR < 115.10. (en) The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
References
  • () https://www.mozilla.org/security/advisories/mfsa2024-20/ -

19 Apr 2024, 11:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html -

16 Apr 2024, 16:15

Type Values Removed Values Added
References
  • () https://www.mozilla.org/security/advisories/mfsa2024-19/ -
Summary
  • (es) El retraso en la entrada del mensaje de permiso podría haber expirado mientras la ventana no estaba enfocada, lo que hizo que el mensaje fuera vulnerable al clickjacking por parte de sitios web maliciosos. Esta vulnerabilidad afecta a Firefox &lt; 124.
Summary (en) The permission prompt input delay could have expired while the window is not in focus, which made the prompt vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124. (en) The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124 and Firefox ESR < 115.10.

19 Mar 2024, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-19 12:15

Updated : 2025-03-14 20:15

NVD link : CVE-2024-2609

Mitre link : CVE-2024-2609

CVE.ORG link : CVE-2024-2609

JSON object : View

Products Affected

No product.

CWE
CWE-356

Product UI does not Warn User of Unsafe Actions