PT-2024-7620 · Mozilla+4 · Firefox+4

Fabian Fäßler

Published

2024-06-11

Updated

2025-06-06

CVE-2024-5689

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 127

Description The issue is related to incorrect restriction of visualizable layers in the user interface of the Firefox browser's screenshot creation page. This could allow a remote attacker to compromise data integrity. Additionally, a website could overlay a 'My Shots' button when a user takes a screenshot and direct them to a replica Firefox Screenshots page for phishing purposes.

Recommendations For versions prior to 127, update to version 127 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the screenshot feature until a patch is available. Restrict access to untrusted websites to minimize the risk of exploitation.

Exploit

Fix

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021

Related Identifiers

ALT-PU-2024-13895

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-15840

BDU:2024-09026

CVE-2024-5689

OESA-2025-1604

OESA-2025-1605

OPENSUSE-SU-2024:14044-1

OPENSUSE-SU-2024:14572-1

USN-6862-1

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2024-7620 · Mozilla+4 · Firefox+4

CVE-2024-5689

Weakness Enumeration

Related Identifiers

Affected Products

References · 1907