Public on 2024-02-20
Modified on 2024-02-21
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
Medium severity
CVSS v3 Base Score
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Firefox Extra firefox 2024-02-29 ALAS2FIREFOX-2024-022 Fixed
Amazon Linux 2 - Core thunderbird 2024-02-29 ALAS2-2024-2477 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L