CVE-2024-6605: Vulnerability in Mozilla Firefox
CVE-2024-6605 is a high-severity vulnerability in Mozilla Firefox for Android versions prior to 128. The browser's permission prompts accepted taps the moment they appeared, which makes them usable for tapjacking: an attacker overlays or disguises the prompt so that a tap the user intends for something else lands on the prompt's "Allow" control. A successful attack grants a site permission the user never meant to approve. The vulnerability carries a CVSS 3.1 base score of 8.8 (High), with high confidentiality, integrity and availability impact; it requires user interaction but no prior authentication. No exploitation in the wild has been reported. Firefox for Android 128 is the fixed release, so the primary action is to confirm that managed devices run 128 or later. Organizations with large Android and Firefox user bases, for example in Germany, France and the UK, are the most exposed. Compensating controls while older builds remain in use: restrict which apps may draw over other apps, teach users to treat unexpected permission prompts as suspicious, and watch for apps requesting overlay permission.
AI Analysis
Technical Summary
CVE-2024-6605 is a vulnerability in Mozilla Firefox for Android versions below 128: the browser allowed immediate interaction with its permission prompts. Because a prompt could be tapped the instant it appeared, it was exposed to tapjacking, a technique in which an attacker draws a deceptive overlay (on Android, typically a window created by a malicious app holding the "draw over other apps" permission) on top of a sensitive UI element such as a permission dialog, so that a tap the user believes is for the overlay is delivered to the hidden control beneath it. The standard mitigation, ignoring input for a short period after a sensitive control becomes visible, is exactly what "immediate interaction" says was missing. The record is tagged CWE-277 (Insecure Inherited Permissions); in practice the weakness is permission-prompt handling that let unintended user input approve a grant. The CVSS 3.1 base score of 8.8 reflects a high-severity issue with the vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity and availability. Practitioners should read that vector with a caveat: the trigger (a web page requesting a permission) is remote, but the overlay normally comes from software already on the device, so the realistic attack chain is a malicious or compromised app plus a page that requests the permission, not a purely remote exploit. No exploits in the wild have been reported, but the low complexity and the reliance on an ordinary user gesture make the flaw well suited to social engineering that ends in an unintended grant of a site permission (camera, microphone, location, notifications) to an attacker-controlled origin. The affected-version range "below 128" covers all earlier Firefox for Android releases; Firefox for Android 128 is the fixed release, so updating to 128 or later resolves the issue.
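The hardening that "immediate interaction" implies was absent is easiest to show in Android terms. The following Kotlin view is an added illustration written for this page, not Firefox/Fenix code: it wraps a permission prompt so that touches delivered while another window covers the prompt are discarded, and any gesture that began within a grace period of the prompt becoming visible is swallowed before the Allow/Deny buttons can see it. The class name, the 500 ms grace value and the use of attach time as "shown" time are assumptions; `MotionEvent.FLAG_WINDOW_IS_OBSCURED`, `FLAG_WINDOW_IS_PARTIALLY_OBSCURED` and `View.filterTouchesWhenObscured` are real Android APIs.

```kotlin
import android.content.Context
import android.os.SystemClock
import android.util.AttributeSet
import android.view.MotionEvent
import android.view.View
import android.widget.FrameLayout

/**
 * Container for a site-permission prompt ("Allow example.com to use your camera?").
 * Illustrative hardening, not Firefox code. A stock FrameLayout delivers taps to
 * the Allow/Deny buttons from the first frame, which is the behaviour this CVE
 * describes. This wrapper adds two gates:
 *   1. drop any touch delivered while another window is drawn over this view;
 *   2. drop any gesture that started less than GRACE_MS after the prompt appeared.
 */
class GuardedPromptLayout @JvmOverloads constructor(
    context: Context,
    attrs: AttributeSet? = null,
    defStyleAttr: Int = 0
) : FrameLayout(context, attrs, defStyleAttr) {

    // uptimeMillis() timestamp of when the prompt became visible. Starts at
    // MAX_VALUE so nothing is trusted before the prompt has actually been shown.
    // Assumption: attach-to-window is "visible enough"; a stricter version would
    // use the first draw via ViewTreeObserver.OnPreDrawListener.
    private var shownAt: Long = Long.MAX_VALUE

    init {
        // Platform-provided gate: the framework discards touches carrying
        // FLAG_WINDOW_IS_OBSCURED before they reach this view's touch handlers.
        filterTouchesWhenObscured = true
    }

    override fun onAttachedToWindow() {
        super.onAttachedToWindow()
        shownAt = SystemClock.uptimeMillis()
    }

    override fun onVisibilityChanged(changedView: View, visibility: Int) {
        super.onVisibilityChanged(changedView, visibility)
        // Re-arm the grace period every time the prompt is (re)shown.
        if (visibility == View.VISIBLE) shownAt = SystemClock.uptimeMillis()
    }

    /** True only for touches the prompt should act on. */
    fun isTrustworthy(ev: MotionEvent): Boolean {
        // FLAG_WINDOW_IS_PARTIALLY_OBSCURED is API 29+; it is a compile-time
        // constant, so referencing it is safe on older targets.
        val obscuredFlags = MotionEvent.FLAG_WINDOW_IS_OBSCURED or
            MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED
        if ((ev.flags and obscuredFlags) != 0) return false
        // downTime is the ACTION_DOWN timestamp of the gesture, so a press that
        // began inside the grace period is rejected as a whole, not only its
        // first event.
        return ev.downTime - shownAt >= GRACE_MS
    }

    // Intercepting an untrustworthy gesture keeps every child button from
    // receiving it; the events are routed to onTouchEvent below instead.
    override fun onInterceptTouchEvent(ev: MotionEvent): Boolean = !isTrustworthy(ev)

    // Consume whatever reaches the container so a rejected tap cannot fall
    // through to the web content or window behind the prompt.
    override fun onTouchEvent(event: MotionEvent): Boolean = true

    companion object {
        // Assumption: 500 ms; tune to the duration of the prompt's entry animation.
        const val GRACE_MS = 500L
    }
}
```

Two design notes. Gating on `downTime` rather than on each event's `eventTime` matters because an overlay can hold the user's finger down through the grace period and release on the hidden button; judging the whole gesture by when it began closes that gap. The obscured-window flags are defense in depth rather than a complete answer: they describe whether another window covers the touch point, not whether that window is malicious, so legitimate overlays (accessibility tools, chat heads) will also be blocked while the prompt is up, which is the acceptable trade-off for a consent dialog.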
Potential Impact
For European organizations, this vulnerability matters wherever employees or customers use Firefox for Android. A successful tapjacking attack results in a site permission (camera, microphone, location, notifications and similar) being granted to an attacker-controlled origin without the user realizing it, which can expose conversations, surroundings and whereabouts and supports further social engineering. Under GDPR such exposure of personal data can carry regulatory consequences on top of operational and reputational damage. The user-interaction requirement means the attack is delivered through phishing or social engineering, most plausibly a malicious app combined with a lure page, so organizations with mobile workforces, BYOD policies or weak controls on app installation are the most exposed. Finance, government and critical-infrastructure sectors in Europe are plausible targets for campaigns that use an unintended permission grant as a foothold for surveillance of device users.
Mitigation Recommendations
Firefox for Android 128 contains the fix, so the first step is to verify that every managed or BYOD device runs Firefox 128 or later and to push the update where it does not. Where older builds cannot be retired immediately, the following compensating controls apply:
1) Educate users about tapjacking and about treating any permission prompt that appears unexpectedly, especially one that appears while another app is on screen, as a reason to cancel rather than tap.
2) Use mobile device management (MDM) to restrict the "draw over other apps" (SYSTEM_ALERT_WINDOW) permission to a known allow list and to block installation of apps from untrusted sources, since the overlay is what makes tapjacking possible.
3) Use mobile security tooling that flags apps requesting overlay permission or detects suspicious overlay windows.
4) Encourage users to review the site permissions Firefox has granted (camera, microphone, location, notifications) and revoke any they do not recognize.
5) Monitor mobile endpoint telemetry for newly installed overlay-capable apps and for unusual permission grants.
6) Consider restricting Firefox usage on unpatched Android devices in high-risk environments until they are updated.
7) Include tapjacking scenarios in social engineering awareness exercises and use them to test the controls above.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mozilla
- Date Reserved: 2024-07-09T14:12:56.623Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69039192aebfcd54747fad03
Added to database: 10/30/2025, 4:25:54 PM
Last enriched: 10/30/2025, 4:42:22 PM
Last updated: 10/30/2025, 8:07:20 PM
Related Threats
- CVE-2025-63423: n/a (High)
- CVE-2025-3356: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in IBM Tivoli Monitoring (High)
- CVE-2025-3355: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in IBM Tivoli Monitoring (High)
- CVE-2025-63422: n/a (High)
- CVE-2025-36137: CWE-250 Execution with Unnecessary Privileges in IBM Sterling Connect:Direct for Unix (High)