The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
Mozilla Foundation Security Advisory 2024-12
Security Vulnerabilities fixed in Firefox 124
Announced
March 19, 2024
Impact
high
Products
Firefox
Fixed in
Firefox 124
...
Mozilla Foundation Security Advisory 2024-19
Security Vulnerabilities fixed in Firefox ESR 11510
Announced
April 16, 2024
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 11510
...
Mozilla Foundation Security Advisory 2024-20
Security Vulnerabilities fixed in Thunderbird 11510
Announced
April 16, 2024
Impact
high
Products
Thunderbird
Fixed in
Thunderbird 11510
...