Endpoint Vulnerability

Incorrect icon displayed on permissions notifications

Description

Security researcher Tim McCormack reported that when a page requests a series of permissions in a short timespan, the resulting permission notifications can show the icon for the wrong permission request. This can lead to user confusion and inadvertent consent given when a user is prompted by web content to give permissions, such as for geolocation or microphone access.

Affected Products

Firefox

References

CVE-2016-2829,