CVE-2024-7518

6.5 MEDIUM

📋 TL;DR

This vulnerability allows malicious websites to obscure the fullscreen notification dialog in Firefox and Thunderbird, enabling spoofing attacks where users might be tricked into interacting with fake UI elements. It affects Firefox versions before 129, Firefox ESR before 128.1, and Thunderbird before 128.1.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 129, Firefox ESR < 128.1, Thunderbird < 128.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable; no special settings required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users could be tricked into providing sensitive information or performing unintended actions by interacting with spoofed UI elements that appear legitimate.

🟠 Likely Case

Phishing attacks where users are deceived by fake fullscreen dialogs requesting credentials or permissions.

🟢 If Mitigated

Minimal impact if users are trained to recognize suspicious dialogs and browsers are kept updated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (visiting a malicious website) but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 129, Firefox ESR 128.1, Thunderbird 128.1

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-33/

Restart Required: Yes

Instructions:

1. Open the browser/application.
2. Go to Settings/Preferences > General/About.
3. Allow the application to check for and install updates.
4. Restart the application when prompted.

🔧 Temporary Workarounds

Disable JavaScript (applies to: all)

Prevents the malicious script from obscuring the fullscreen dialog, but breaks much website functionality.

Avoid untrusted websites (applies to: all)

Only visit trusted websites to reduce exposure to potentially malicious sites.

🧯 If You Can't Patch

  • Use an alternative browser that is not affected by this vulnerability.
  • Implement network filtering to block known malicious websites.

🔍 How to Verify

Check if Vulnerable:

Check the browser/application version against affected versions: Firefox < 129, Firefox ESR < 128.1, Thunderbird < 128.1.

Check Version:

On Firefox/Thunderbird: Open application, go to Settings/Preferences > General/About to view version.

Verify Fix Applied:

Confirm the version is updated to Firefox 129, Firefox ESR 128.1, or Thunderbird 128.1 or later.
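The version check above is easy to get wrong across branches, because regular Firefox 128.x is still affected while Firefox ESR 128.1 is fixed. The following added example (not code from this page or from Mozilla) parses a `--version` style string, detects the `esr` suffix that ESR builds print, and compares against the fix versions listed here; the sample version strings are constructed.

```python
import re

# Fixed versions from this advisory: Firefox 129, Firefox ESR 128.1,
# Thunderbird 128.1. Anything below the threshold for its branch is affected.
FIXED_VERSIONS = {
    "firefox": (129, 0),
    "firefox-esr": (128, 1),
    "thunderbird": (128, 1),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?\s*(esr)?", re.IGNORECASE)


def parse_version_string(text):
    """Return (major, minor, is_esr) from a '--version' style string.

    Accepts strings such as 'Mozilla Firefox 128.1.0esr' or 'Thunderbird 128.0'.
    Raises ValueError when no version number is present.
    """
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    major, minor = int(match.group(1)), int(match.group(2))
    return major, minor, match.group(4) is not None


def is_vulnerable(product, version_text):
    """True if the given build is below the fix version for CVE-2024-7518.

    product is 'firefox' or 'thunderbird'; an 'esr' suffix in a Firefox
    version string selects the ESR threshold (128.1) instead of 129.
    """
    major, minor, is_esr = parse_version_string(version_text)
    key = product.lower()
    if key == "firefox" and is_esr:
        key = "firefox-esr"
    if key not in FIXED_VERSIONS:
        raise ValueError(f"unknown product {product!r}")
    return (major, minor) < FIXED_VERSIONS[key]


if __name__ == "__main__":
    # Constructed sample version strings, not real inventory data.
    for product, text in [("firefox", "Mozilla Firefox 128.0"),
                          ("firefox", "Mozilla Firefox 128.1.0esr"),
                          ("thunderbird", "Thunderbird 128.1.0")]:
        state = "VULNERABLE" if is_vulnerable(product, text) else "fixed"
        print(f"{text}: {state}")
```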

📡 Detection & Monitoring

Log Indicators:

  • Unusual fullscreen permission requests from unfamiliar websites in browser logs.

Network Indicators:

  • Connections to known malicious domains that might host exploit code.

SIEM Query:

Search for browser logs with fullscreen API calls from suspicious domains or user reports of spoofed dialogs.
