A bug in popup notifications' interaction with WebAuthn made it easier for an malicious user to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Mozilla Foundation Security Advisory 2024-22
Security Vulnerabilities fixed in Firefox ESR 11511
Announced
May 14, 2024
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 11511
...
Mozilla Foundation Security Advisory 2024-21
Security Vulnerabilities fixed in Firefox 126
Announced
May 14, 2024
Impact
high
Products
Firefox
Fixed in
Firefox 126
...
Mozilla Foundation Security Advisory 2024-23
Security Vulnerabilities fixed in Thunderbird 11511
Announced
May 15, 2024
Impact
high
Products
Thunderbird
Fixed in
Thunderbird 11511
...