The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
The product’s user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 115.10.0 (excluding) |
| Firefox | Mozilla | * | 124.0 (excluding) |
| Thunderbird | Mozilla | * | 115.10.0 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | firefox-0:115.10.0-1.el7_9 | * |
| Red Hat Enterprise Linux 7 | RedHat | thunderbird-0:115.10.0-2.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | firefox-0:115.10.0-1.el8_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | thunderbird-0:115.10.0-2.el8_9 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | firefox-0:115.10.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | thunderbird-0:115.10.0-2.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | firefox-0:115.10.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | thunderbird-0:115.10.0-2.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | firefox-0:115.10.0-1.el8_2 | * |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | thunderbird-0:115.10.0-2.el8_2 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | firefox-0:115.10.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | thunderbird-0:115.10.0-2.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | firefox-0:115.10.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | thunderbird-0:115.10.0-2.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | firefox-0:115.10.0-1.el8_4 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | thunderbird-0:115.10.0-2.el8_4 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | firefox-0:115.10.0-1.el8_6 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | thunderbird-0:115.10.0-2.el8_6 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | firefox-0:115.10.0-1.el8_8 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | thunderbird-0:115.10.0-2.el8_8 | * |
| Red Hat Enterprise Linux 9 | RedHat | firefox-0:115.10.0-1.el9_3 | * |
| Red Hat Enterprise Linux 9 | RedHat | thunderbird-0:115.10.0-2.el9_3 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | firefox-0:115.10.0-1.el9_0 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | thunderbird-0:115.10.0-2.el9_0 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | firefox-0:115.10.0-1.el9_2 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | thunderbird-0:115.10.0-2.el9_2 | * |
| Firefox | Ubuntu | focal | * |
| Mozjs102 | Ubuntu | devel | * |
| Mozjs102 | Ubuntu | esm-apps/noble | * |
| Mozjs102 | Ubuntu | jammy | * |
| Mozjs102 | Ubuntu | mantic | * |
| Mozjs102 | Ubuntu | noble | * |
| Mozjs102 | Ubuntu | upstream | * |
| Mozjs38 | Ubuntu | esm-apps/bionic | * |
| Mozjs38 | Ubuntu | upstream | * |
| Mozjs52 | Ubuntu | esm-apps/focal | * |
| Mozjs52 | Ubuntu | esm-infra/bionic | * |
| Mozjs52 | Ubuntu | focal | * |
| Mozjs52 | Ubuntu | upstream | * |
| Mozjs68 | Ubuntu | focal | * |
| Mozjs68 | Ubuntu | upstream | * |
| Mozjs78 | Ubuntu | esm-apps/jammy | * |
| Mozjs78 | Ubuntu | jammy | * |
| Mozjs78 | Ubuntu | upstream | * |
| Mozjs91 | Ubuntu | jammy | * |
| Mozjs91 | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | focal | * |
| Thunderbird | Ubuntu | jammy | * |
| Thunderbird | Ubuntu | mantic | * |