VDB
CNVD-2024-12548
CNVD-2024-12548
PUBLISHED
CVSS 6.099999904632568 MEDIUM
Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox存在安全绕过漏洞,该漏洞源于使用退出全屏模式和requestPointerLock的组合导致用户的鼠标被意外地重新定位,攻击者可利用该漏洞无意中授予不打算授予的权限。
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | unspecified |
| Mozilla | Thunderbird | unspecified |
| Mozilla | Firefox ESR | unspecified |
Exploit Intelligence
- CIRCL seen: CVE-2024-1550 (circl-sighting)
- CIRCL seen: CVE-2024-1550 (circl-sighting)
- CIRCL seen: CVE-2024-1550 (circl-sighting)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1860065 (circl)
- https://www.mozilla.org/security/advisories/mfsa2024-05/ (circl)
- https://www.mozilla.org/security/advisories/mfsa2024-06/ (circl)
- https://www.mozilla.org/security/advisories/mfsa2024-07/ (circl)
- https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html (circl)
- https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html (circl)
Timeline
- Feb 20, 2024 CVE Published
- Feb 20, 2024 PoC Published
- Feb 21, 2024 PoC Published
- Mar 1, 2024 CVE ID Reserved
- Mar 8, 2024 PoC Published
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1860065 url
- https://www.mozilla.org/security/advisories/mfsa2024-05/ url
- https://www.mozilla.org/security/advisories/mfsa2024-06/ url
- https://www.mozilla.org/security/advisories/mfsa2024-07/ url
- https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html url
- https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html url