PT-2024-5893 · Mozilla+1 · Firefox+1
Hafiizh +5 · Published 2024-09-03 · Updated 2025-11-19 · CVE-2024-8388
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 130
Description
The issue is related to the notification announcing the transition to fullscreen mode in Firefox on Android. Multiple prompts and panels from both Firefox and the Android OS could be used to obscure this notification, potentially leading to spoofing of the browser UI if the user is distracted by the sudden appearance of a prompt. The notifications now use the Android Toast feature. This issue only affects Firefox on Android, with other operating systems being unaffected.
Recommendations
For versions prior to 130, update to Firefox version 130 or later to resolve the issue. As a temporary workaround, be cautious when multiple prompts appear and watch for any visual transition to fullscreen mode. Restricting the use of fullscreen mode until the update is applied can also minimize the risk of exploitation.
Fix
Clickjacking
Related Identifiers
Affected Products
Alt Linux
Firefox