Vulnerability Description
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. *This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 130.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 130.0 |
| Android | - |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1839074%2C1865413%2C1868970%2C18Broken Link
- https://bugzilla.mozilla.org/show_bug.cgi?id=1902996Issue TrackingPermissions Required
- https://www.mozilla.org/security/advisories/mfsa2024-39/Vendor Advisory
FAQ
What is CVE-2024-8388?
CVE-2024-8388 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. ...
How severe is CVE-2024-8388?
CVE-2024-8388 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-8388?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Google Android.