Insufficient UI Warning of Dangerous Operations in Firefox for Android - CVE-2024-8388

 

Published: September 3, 2024


Vulnerability identifier: #VU96734
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-8388
CWE-ID: CWE-357
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Firefox for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists because multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode. A remote attacker can use this to perform a spoofing attack.


How to mitigate CVE-2024-8388

Install updates from the vendor's website.
