CVE-2024-6607

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-763
View all →

Vulnerability Description

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `&lt;select&gt;` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This vulnerability affects Firefox < 128 and Thunderbird < 128.

Related Vulnerabilities

CVE-2022-42309

HIGH
CVSS:8.8(High)

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xens...

CWE-7632022

CVE-2021-3682

HIGH
CVSS:8.5(High)

A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being...

CWE-7632021

CVE-2018-6836

CRITICAL
CVSS:9.8(Critical)

The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of s...

CWE-7632018

CVE-2019-11930

CRITICAL
CVSS:9.8(Critical)

An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and ...

CWE-7632019

CVE-2020-0103

CRITICAL
CVSS:9.8(Critical)

In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. ...

CWE-7632020

CVE-2020-11105

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared...

CWE-7632020