CVE-2024-6608

4.3 MEDIUM

📋 TL;DR

Web content running in an iframe could use the Pointer Lock API to move the mouse cursor outside the browser viewport and outside the Firefox window entirely, which the API is not supposed to allow. Affects Firefox before 128 and Thunderbird before 128. The practical risk is cursor spoofing / UI redressing: a page can mislead the user about where their next click will land, including on UI that belongs to another application.

💻 Affected Systems

Products:
  • Mozilla Firefox
  • Mozilla Thunderbird
Versions: Firefox < 128, Thunderbird < 128
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default configurations; no non-default setting is needed. Requires the user to visit attacker-controlled web content and interact with it. For Thunderbird, scripting is disabled when reading mail, so this is not exploitable through an email message itself; it is a risk only in browser-like contexts (for example RSS or web content rendered with scripting enabled).

📦 What is this software?

Mozilla Firefox is a cross-platform web browser. Mozilla Thunderbird is Mozilla's email, news and calendar client. Both are built on the same Gecko rendering engine, which is why a browser-engine bug in the Pointer Lock implementation is reported against both products and fixed in the same release train (128).

⚠️ Risk & Real-World Impact

🔴

Worst Case

A page cannot synthesize clicks outside the browser, but it can move the real cursor there while the user is interacting with it. The worst case is that a user's own click, made while they believe the cursor is over the page, lands on a control in another window or a system prompt (for example a permission or confirmation dialog) that happens to be under the relocated cursor.

🟠

Likely Case

Most probable impact is UI redressing within the browser: the page controls where the visible cursor is, so the user clicks a different element than the one they intended, leading to unintended actions within a web application or within the browser's own UI.

🟢

If Mitigated

On a patched build, pointer lock requested from an iframe is again confined to the viewport, so the only remaining cursor control a page has is the in-page behaviour the Pointer Lock API is designed to permit (games, 3D viewers), and the impact is limited to the page's own UI.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the user to visit an attacker-controlled page (or a page embedding an attacker-controlled iframe) and interact with it, since pointer lock is only granted in response to user activation. No authentication or special privileges are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 128, Thunderbird 128

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-29/

Restart Required: Yes

Instructions:

1. Open Firefox or Thunderbird.
2. Click menu → Help → About Firefox (or About Thunderbird).
3. Allow the automatic update to version 128 or higher to download and apply.
4. Restart the application when prompted; the fix is not active until the new version is running.

🔧 Temporary Workarounds

Disable the Pointer Lock API (all platforms)

In about:config set full-screen-api.pointer-lock.enabled to false. This removes the affected API entirely with far less collateral damage than disabling JavaScript; only sites that legitimately rely on pointer lock (browser games, 3D viewers) are affected.

Disable JavaScript (all platforms)

Prevents any use of the Pointer Lock API, but breaks most websites.

Use the NoScript extension (all platforms)

Selectively block JavaScript on untrusted sites while keeping it enabled where needed.

🧯 If You Can't Patch

  • Use an alternative browser until patched, or restrict Firefox to trusted sites.
  • If you operate a site that embeds third-party content, load it in an iframe with the sandbox attribute and without the allow-pointer-lock token, and restrict frame-src in your Content-Security-Policy. This protects your visitors from a malicious embedded frame; it does not protect users who visit an attacker's own page.

🔍 How to Verify

Check if Vulnerable:

Check the version in the About dialog. Firefox < 128 or Thunderbird < 128 is vulnerable per this advisory. Note that Firefox ESR and Thunderbird ESR report a 115.x version number; evaluate those against the corresponding ESR security advisory rather than from the major version alone.

Check Version:

firefox --version (Linux) or check About Firefox menu

Verify Fix Applied:

Confirm version is 128 or higher in About dialog after update.

📡 Detection & Monitoring

Log Indicators:

  • None on the server side: Pointer Lock is a client-side API and its use is not recorded in web server or proxy logs.
  • The useful log signal is inventory: User-Agent strings reporting Firefox/&lt;128 or Thunderbird/&lt;128 identify clients that still need the update (User-Agent can be spoofed or frozen by anti-fingerprinting settings, so treat it as a hint, not proof).

Network Indicators:

  • None reliable. The exploit is ordinary HTML and JavaScript in an iframe, delivered over HTTPS; there is no network signature for a page requesting pointer lock.

SIEM Query:

web.logs | where user_agent matches regex "(Firefox|Thunderbird)/[0-9]+" | extend major = toint(extract("(Firefox|Thunderbird)/([0-9]+)", 2, user_agent)) | where major < 128 | summarize count() by client_ip, user_agent

This finds unpatched clients talking to your services; it does not detect exploitation attempts, for which no server-side indicator exists.
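The following is an added example, not code from Mozilla or from the original page. It implements both the version check from "How to Verify" and the inventory-style detection from this section in one place: it parses `firefox --version` / `thunderbird --version` style output and Gecko User-Agent strings from access-log lines, and flags anything below the fixed major version 128. The log lines and version strings are constructed for the demo; the combined-log-format assumption (User-Agent is the last quoted field) and the fixed-version constant are the only assumptions.

```javascript
// Added example: classify Firefox/Thunderbird versions against the
// CVE-2024-6608 fixed release (128). Not part of the Mozilla advisory.
const FIXED_MAJOR = 128; // first release containing the fix, per MFSA 2024-29

// Parse CLI output such as "Mozilla Firefox 127.0.2" or "Thunderbird 115.12.1".
function parseCliVersion(line) {
  const m = /^(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)/i.exec(line.trim());
  return m ? { product: m[1], version: m[2] } : null;
}

// Parse the product token out of a Gecko User-Agent string, e.g.
// "... Gecko/20100101 Firefox/127.0" or "... Gecko/20100101 Thunderbird/115.12.0".
function parseUserAgent(ua) {
  const m = /\b(Thunderbird|Firefox)\/(\d+(?:\.\d+)*)/.exec(ua);
  return m ? { product: m[1], version: m[2] } : null;
}

function majorOf(version) {
  return parseInt(version.split('.')[0], 10);
}

// True when the parsed product predates the fixed release. Non-Mozilla
// clients (null) are never flagged. ESR builds (115.x) will be flagged here
// and must be checked against the ESR advisory separately.
function isVulnerable(info) {
  return info !== null && majorOf(info.version) < FIXED_MAJOR;
}

// Scan combined-log-format lines; the User-Agent is the last quoted field.
// Returns one finding per request from a client that still needs the update.
function scanLog(lines) {
  const findings = [];
  for (const line of lines) {
    const quoted = line.match(/"([^"]*)"/g);
    if (!quoted) continue;
    const ua = quoted[quoted.length - 1].slice(1, -1);
    const info = parseUserAgent(ua);
    if (isVulnerable(info)) {
      findings.push({ ip: line.split(' ')[0], product: info.product, version: info.version });
    }
  }
  return findings;
}

// Constructed sample access-log lines for the demo (not real traffic).
const SAMPLE_LOG = [
  '10.0.0.5 - - [10/Jul/2024:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"',
  '10.0.0.6 - - [10/Jul/2024:09:12:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0"',
  '10.0.0.7 - - [10/Jul/2024:09:13:11 +0000] "GET /rss.xml HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:115.0) Gecko/20100101 Thunderbird/115.12.0"',
  '10.0.0.8 - - [10/Jul/2024:09:14:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"',
];

// Local check: paste the output of `firefox --version` here (constructed value).
console.log('local:', isVulnerable(parseCliVersion('Mozilla Firefox 127.0.2')) ? 'VULNERABLE' : 'patched');
// Fleet check over the constructed log sample.
console.log('unpatched clients:', JSON.stringify(scanLog(SAMPLE_LOG)));
```

Run with `node` and feed it real lines from your access log or the output of `firefox --version`. Because the User-Agent is client-supplied, treat the findings as a patch-compliance hint to confirm against endpoint inventory, not as evidence of exploitation.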

🔗 References

  • Mozilla Foundation Security Advisory 2024-29: https://www.mozilla.org/security/advisories/mfsa2024-29/
  • NVD record for CVE-2024-6608: https://nvd.nist.gov/vuln/detail/CVE-2024-6608