CVE-2024-49378 Information

Description

smartUp a web browser mouse gestures extension has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication no known patches exist.

Reference

https://securitylab.github.com/advisories/GHSL-2024-011_smartup/ https://github.com/zimocode/smartup/blob/2144ec161697751b1a6702f1af866726ea689e4e/js/background.js#L3800