CVE-2024-1549: 
NixOS vulnerability analysis and mitigation

CVE-2024-1549 is a security vulnerability discovered in Firefox, Firefox ESR, and Thunderbird that affects versions prior to Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. The vulnerability allows a website to set a large custom cursor that could overlap with permission dialogs, potentially resulting in user confusion and unexpected granted permissions (Mozilla Advisory, NVD).

The vulnerability is rated as moderate severity with a CVSS v3.1 base score of 6.1 (MEDIUM). The issue occurs when a website sets a large custom cursor (128x128 pixels) that can overlap with browser permission dialogs. The cursor could be designed to be partially transparent with a normal-sized cursor positioned elsewhere, potentially leading to clickjacking attacks where users might click on unintended permission options (Mozilla Bugzilla).

The vulnerability could lead to user confusion and inadvertently granting permissions they did not intend to grant. An attacker could craft a cursor in such a way that when users attempt to deny permissions, they might accidentally click the allow button instead. This affects various permission dialogs including geolocation, camera access, and add-on installation prompts (Mozilla Advisory).

The vulnerability has been fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Users are advised to update their browsers to these versions or later. The fix involves modifying the cursor behavior to ensure it cannot overlap with permission dialogs and other browser chrome elements (Mozilla Advisory, Debian Advisory).