CVE-2024-11698

A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1916152	Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-63/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-64/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-67/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-68/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox:::::-:::*
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-26 14:15

Updated : 2025-06-24 17:04

NVD link : CVE-2024-11698

Mitre link : CVE-2024-11698

CVE.ORG link : CVE-2024-11698

JSON object : View

Products Affected

mozilla

firefox
thunderbird

apple

macos

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-11698", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-11-26T14:15:19.330", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1916152", "tags": ["Issue Tracking"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing \"Esc\" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. \n*This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5."}, {"lang": "es", "value": "Es posible que una falla en el manejo de las transiciones de pantalla completa haya provocado que, sin darse cuenta, la aplicaci\u00f3n se quedara bloqueada en el modo de pantalla completa cuando se abr\u00eda un cuadro de di\u00e1logo modal durante la transici\u00f3n. Este problema imped\u00eda a los usuarios salir del modo de pantalla completa mediante acciones est\u00e1ndar, como presionar \"Esc\" o acceder a los men\u00fas del bot\u00f3n derecho, lo que provocaba una experiencia de navegaci\u00f3n interrumpida hasta que se reiniciaba el navegador. *Este error solo afecta a la aplicaci\u00f3n cuando se ejecuta en macOS. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133 y Thunderbird < 128.5."}], "lastModified": "2025-06-24T17:04:57.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "vulnerable": true, "matchCriteriaId": "883C5169-FA69-4478-BE73-4F36AB746D39", "versionEndExcluding": "128.5.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "B0358306-5BCC-49DE-B7A5-429C8BC71BBA", "versionEndExcluding": "133.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C047DD2-FCBA-4474-8AAE-DBB9A5142E4F", "versionEndExcluding": "128.5.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "809C8F59-3AAB-49E8-9F18-6884EC6E4E92", "versionEndExcluding": "133.0", "versionStartIncluding": "129.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@mozilla.org"}