CVE-2024-11698 Overview
A flaw in handling fullscreen transitions in Mozilla Firefox and Thunderbird may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted.
This vulnerability specifically affects Mozilla applications when running on macOS. Other operating systems are unaffected by this issue.
Critical Impact
Users on macOS could be trapped in fullscreen mode with no standard method to exit, potentially leading to denial of service conditions, disrupted user workflows, and potential exploitation vectors for social engineering attacks where malicious content could be displayed without the ability to easily close or navigate away.
Affected Products
- Mozilla Firefox versions prior to 133
- Mozilla Firefox ESR versions prior to 128.5
- Mozilla Thunderbird versions prior to 133 and 128.5
Discovery Timeline
- 2024-11-26 - CVE-2024-11698 published to NVD
- 2025-06-24 - Last updated in NVD database
Technical Details for CVE-2024-11698
Vulnerability Analysis
This vulnerability resides in the fullscreen transition handling logic within Mozilla Firefox and Thunderbird when running on the macOS operating system. The flaw occurs when a modal dialog is opened during the critical window of a fullscreen transition, creating a race condition that disrupts the normal fullscreen state management.
When triggered, the application enters an inconsistent state where the fullscreen mode flag remains active, but the standard exit mechanisms become unresponsive. The "Esc" key, which normally exits fullscreen mode, fails to function, and right-click context menus that typically provide an exit option are inaccessible.
The impact extends beyond simple user inconvenience. An attacker could potentially craft a malicious webpage that intentionally triggers this condition, trapping users in fullscreen mode and displaying deceptive content. This could facilitate phishing attacks, fake security warnings, or other social engineering tactics where the victim cannot easily escape the malicious content.
Root Cause
The root cause of this vulnerability lies in improper state management during fullscreen transitions on macOS. When a modal dialog is presented during the transition period, the application fails to properly track and update the fullscreen state, resulting in a desynchronization between the actual window state and the internal state management system.
This timing-sensitive bug appears to be specific to macOS due to differences in how the operating system handles fullscreen window transitions compared to Windows and Linux. The macOS-specific windowing APIs and fullscreen animation sequences create a unique execution path where this race condition can occur.
Attack Vector
The attack vector for this vulnerability is network-based. A malicious actor could craft a webpage that programmatically triggers fullscreen mode and simultaneously presents a modal dialog during the transition. This could be accomplished through JavaScript that times the dialog presentation to coincide with the fullscreen API call.
The vulnerability can be triggered without requiring user authentication or special privileges. The attacker simply needs to lure a victim to a malicious webpage or inject malicious JavaScript into a compromised website. Once triggered, the victim's browser becomes trapped in fullscreen mode, displaying whatever content the attacker chooses.
Detection Methods for CVE-2024-11698
Indicators of Compromise
- Users reporting inability to exit fullscreen mode in Firefox or Thunderbird on macOS
- Unusual fullscreen API calls combined with rapid modal dialog presentations in browser logs
- macOS system logs indicating abnormal window state transitions in Mozilla applications
- User complaints about being trapped on specific websites with no ability to navigate away
Detection Strategies
- Monitor for JavaScript patterns that combine Element.requestFullscreen() calls with immediate modal dialog presentations
- Deploy endpoint detection rules that flag repeated fullscreen state changes on macOS systems running Firefox or Thunderbird
- Analyze web traffic for pages containing scripts that manipulate fullscreen APIs in conjunction with alert(), confirm(), or prompt() dialogs
- Implement browser extension monitoring for suspicious fullscreen behavior patterns
Monitoring Recommendations
- Enable browser telemetry to capture fullscreen API usage patterns
- Configure endpoint security solutions to alert on applications stuck in fullscreen state for extended periods
- Monitor system resource usage for Firefox and Thunderbird processes that may indicate users unable to close browsers normally
- Track incident reports from users regarding unresponsive fullscreen mode on macOS devices
How to Mitigate CVE-2024-11698
Immediate Actions Required
- Update Mozilla Firefox to version 133 or later immediately
- Update Mozilla Firefox ESR to version 128.5 or later
- Update Mozilla Thunderbird to version 133 or 128.5 or later
- Prioritize patching for macOS systems as other operating systems are not affected
- Inform users that restarting the browser is the temporary workaround if they encounter this issue
Patch Information
Mozilla has released security updates addressing this vulnerability. The following versions contain the fix:
- Firefox 133+
- Firefox ESR 128.5+
- Thunderbird 133+
- Thunderbird 128.5+
For complete details, refer to the official Mozilla Security Advisories:
- Mozilla Security Advisory MFSA-2024-63
- Mozilla Security Advisory MFSA-2024-64
- Mozilla Security Advisory MFSA-2024-67
- Mozilla Security Advisory MFSA-2024-68
Additional technical details are available in the Mozilla Bugzilla Report.
Workarounds
- If trapped in fullscreen mode, force quit the application using Command+Q on macOS
- Use Mission Control (F3 or swipe up with three fingers) to access other applications and force quit Firefox/Thunderbird
- Use Activity Monitor to terminate unresponsive Firefox or Thunderbird processes
- Consider temporarily using alternative browsers on macOS until patches are applied
- Disable JavaScript on untrusted sites as a temporary mitigation to prevent malicious triggering
# Check current Firefox version on macOS
/Applications/Firefox.app/Contents/MacOS/firefox --version
# Update Firefox via command line using Homebrew
brew upgrade --cask firefox
# Force quit Firefox if stuck in fullscreen
killall -9 firefox
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
