CVE-2024-8388

Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. 
*This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 130.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mozillaCNA
---
---
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
mozillafirefox
𝑥
< 130.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
139.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
noble
not-affected
jammy
not-affected
focal
not-affected
thunderbird
noble
not-affected
jammy
not-affected
focal
not-affected
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1839074%2C1865413%2C1868970%2C1873367%2C1877820%2C1884642%2C1886469%2C1894326%2C1894891%2C1897648
https://bugzilla.mozilla.org/show_bug.cgi?id=1902996
https://www.mozilla.org/security/advisories/mfsa2024-39/