{"id":"CVE-2024-2609","details":"The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.10, and Thunderbird \u003c 115.10.","modified":"2026-03-13T07:53:31.513093Z","published":"2024-03-19T12:15:08.910Z","related":["ALSA-2024:1908","ALSA-2024:1912","MGASA-2024-0151","MGASA-2024-0153","SUSE-SU-2024:1319-1","SUSE-SU-2024:1350-1","SUSE-SU-2024:1437-1","SUSE-SU-2024:1676-1","SUSE-SU-2024:1770-1","openSUSE-SU-2024:13795-1","openSUSE-SU-2024:13884-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-20/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-12/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2024-19/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1866100"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-2609.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.10.0"}]},{"events":[{"introduced":"0"},{"fixed":"124.0"}]},{"events":[{"introduced":"0"},{"fixed":"115.10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}