PT-2024-7792 · Mozilla+1 · Firefox Focus For Android+2

James Lee · Published 2024-10-01 · Updated 2025-11-19 · CVE-2024-9391

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 131
Firefox Focus for Android versions prior to 131

Description

A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full-screen mode. This may allow spoofing of other sites as the address bar is no longer visible.

Recommendations

For Firefox versions prior to 131, update to version 131 or later to resolve the issue.
For Firefox Focus for Android versions prior to 131, update to version 131 or later to resolve the issue.
As a temporary workaround, consider disabling full-screen mode on specially crafted web pages until a patch is available.

Fix

Clickjacking

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

ALT-PU-2024-13895
ALT-PU-2024-15839
ALT-PU-2025-11100
ALT-PU-2025-14599
BDU:2024-09292
CVE-2024-9391
OPENSUSE-SU-2024:14385-1

Affected Products

Alt Linux
Firefox
Firefox Focus For Android