Main Vulnerability Database Vulnerabilities #VU97927

#VU97927 Improper Restriction of Rendered UI Layers or Frames in Firefox Focus for Android - CVE-2024-9391

Published: October 1, 2024

Vulnerability identifier: #VU97927

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-9391

CWE-ID: CWE-1021

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Firefox Focus for Android

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error when exiting fullscreen mode. A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/
https://bugzilla.mozilla.org/show_bug.cgi?id=1892407

#VU97927 Improper Restriction of Rendered UI Layers or Frames in Firefox Focus for Android - CVE-2024-9391

Description

Remediation

External links

Please verify you're human