fkie_nvd - fkie_cve-2024-9391

fkie_cve-2024-9391

Vulnerability from fkie_nvd

Published

2024-10-01 16:15

Modified

2025-04-04 14:39

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.

References

▶	URL	Tags
	security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1892407	Issue Tracking
	security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2024-46/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mozilla	firefox	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA47FFCA-3451-462C-8FFB-47143C65E65A",
              "versionEndExcluding": "131.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode.  This may allow spoofing of other sites as the address bar is no longer visible.\n*This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 131."
    },
    {
      "lang": "es",
      "value": "A un usuario que habilite el modo de pantalla completa en una p\u00e1gina web especialmente manipulada se le podr\u00eda impedir salir del modo de pantalla completa. Esto podr\u00eda permitir la suplantaci\u00f3n de identidad de otros sitios, ya que la barra de direcciones ya no estar\u00e1 visible. *Este error solo afecta a Firefox Focus para Android. Las dem\u00e1s versiones de Firefox no se ven afectadas.* Esta vulnerabilidad afecta a Firefox \u0026lt; 131."
    }
  ],
  "id": "CVE-2024-9391",
  "lastModified": "2025-04-04T14:39:26.573",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-01T16:15:10.510",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1892407"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-46/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2024-9391 (GCVE-0-2024-9391)

Vulnerability from cvelistv5

Published

2024-10-01 15:13