{"id":"CVE-2024-1549","details":"If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox \u003c 123, Firefox ESR \u003c 115.8, and Thunderbird \u003c 115.8.","modified":"2026-03-13T07:49:22.548647Z","published":"2024-02-20T14:15:08.683Z","related":["ALSA-2024:0952","ALSA-2024:0955","ALSA-2024:0963","ALSA-2024:0964","CGA-6ffh-cp5p-qpfj","MGASA-2024-0049","MGASA-2024-0050","SUSE-SU-2024:0580-1","SUSE-SU-2024:0607-1","SUSE-SU-2024:0608-1","SUSE-SU-2024:1002-1","openSUSE-SU-2024:13711-1","openSUSE-SU-2024:13728-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-06/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-07/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-05/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1833814"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1549.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.8.0"}]},{"events":[{"introduced":"0"},{"fixed":"123.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}