A race condition with requestPointerLock() and setTimeout() could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements (such as <input type="file">) this could have led to an attack where a user was confused about the origin of the webpage and potentially disclosed information they did not intend to. This vulnerability affects Firefox < 88.
Una condición de carrera con las funciones requestPointerLock() y setTimeout() podría haber resultado en un usuario interactuando con una pestaña cuando creía que estaba en una pestaña separada. En conjunción con determinados elementos (como <input type="file">) esto podría haber conllevado a un ataque donde un usuario se confundiera sobre el origen de la página web y potencialmente revelara información que no pretendía. Esta vulnerabilidad afecta a Firefox versiones anteriores a 88
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, trick the user into disclosing confidential information, or execute arbitrary code. Various other issues were also addressed.
