Main Vulnerability Database Vulnerabilities #VU97927

Improper Restriction of Rendered UI Layers or Frames in Firefox Focus for Android - CVE-2024-9391

Published: October 1, 2024

Vulnerability identifier: #VU97927

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-9391

CWE-ID: CWE-1021

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Firefox Focus for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error when exiting fullscreen mode. A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.

How to mitigate CVE-2024-9391

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2024-46/
https://bugzilla.mozilla.org/show_bug.cgi?id=1892407

Improper Restriction of Rendered UI Layers or Frames in Firefox Focus for Android - CVE-2024-9391

Detailed vulnerability description

How to mitigate CVE-2024-9391

Sources

Please verify you're human