CVE-2024-6610: 
NixOS vulnerability analysis and mitigation

CVE-2024-6610 is a security vulnerability affecting Firefox versions prior to 128 and Thunderbird versions prior to 128, discovered and disclosed in July 2024. The vulnerability involves form validation popups that could capture escape key presses, potentially preventing users from exiting full-screen mode (Mozilla Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L. The technical issue stems from form validation popups being able to capture escape key presses, which could be exploited by spamming form validation messages to prevent users from exiting full-screen mode (NVD).

The vulnerability has a moderate impact on system security. It affects the availability of the system by potentially trapping users in full-screen mode, though it does not compromise confidentiality or integrity. The vulnerability is particularly concerning in browser-like contexts, though in Thunderbird, the risk is minimized as scripting is disabled when reading mail (Mozilla Advisory).

The vulnerability has been fixed in Firefox version 128 and Thunderbird version 128. Users are advised to upgrade to these versions or later to mitigate the risk. For Firefox, the fix was released on July 9, 2024, and for Thunderbird, it was released on July 11, 2024 (Mozilla Advisory, Mozilla Advisory).