CVE-2024-9391
published 2024-10-01CVE-2024-9391: A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of…
medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.
*This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| mozilla | firefox | < 131.0 | 131.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 131 | 131 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv6.5MEDIUM
Red Hat
firefox: Prevent users from exiting full-screen mode in Firefox Focus for Android
vendor_redhat·2024-10-01·CVSS 6.5
CVE-2024-9391 [MEDIUM] firefox: Prevent users from exiting full-screen mode in Firefox Focus for Android
firefox: Prevent users from exiting full-screen mode in Firefox Focus for Android
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.
*This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full-screen mode. This may allow spoofing of other sites as the address bar is no longer visible.
Statement: This bug only affects Firefox Focus for Andro
Debian
CVE-2024-9391: firefox - A user who enables full-screen mode on a specially crafted web page could potent...
vendor_debian·2024·CVSS 6.5
CVE-2024-9391 [MEDIUM] CVE-2024-9391: firefox - A user who enables full-screen mode on a specially crafted web page could potent...
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2024-46: CVE-2024-9391
vendor_mozilla·CVSS 6.5
CVE-2024-9391 [MEDIUM] Mozilla Foundation Security Advisory 2024-46: CVE-2024-9391
Mozilla Foundation Security Advisory 2024-46
CVE: CVE-2024-9391
Product: Firefox
Impact: high
Fixed in: Firefox 131
GHSA
GHSA-p5hw-4fxj-g4x6: A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode
ghsa_unreviewed·2024-10-01
CVE-2024-9391 [MEDIUM] CWE-290 GHSA-p5hw-4fxj-g4x6: A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible.
*This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
OSV
CVE-2024-9391: A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode
osv·2024-10-01·CVSS 6.5
CVE-2024-9391 [MEDIUM] CVE-2024-9391: A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode
A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the address bar is no longer visible. *This bug only affects Firefox Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-01
Published