Astra Linux – Vulnerability in Firefox and Thunderbird

When reusing existing popups, Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

Astra Linux – Vulnerability in Firefox and Thunderbird

When navigating from within an iframe while requesting fullscreen access, a tab controlled by an attacker could prevent the browser from exiting fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

Astra Linux – Vulnerability in Firefox and Thunderbird

Through a series of window.print calls and popups, an attacker can make a window become fullscreen without the user seeing the notification prompt. This can lead to potential confusion among users or be used in spoofing attacks. This vulnerability affects Firefox ESR version 102.5, Thunderbird...

Astra Linux – Vulnerability in Chromium

The incorrect security UI in the full-screen UI of Google Chrome prior to version 142.0.7444.59 allowed a remote attacker who convinced a user to perform certain UI gestures to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Firefox

Form validation popups may capture escape key presses. Therefore, spamming form validation messages can be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox 128 and Thunderbird 128...

Astra Linux – Vulnerability in Firefox and Thunderbird

A malicious website could have used a combination of the fullscreen mode and the requestPointerLock function to cause the user’s mouse to be repositioned unexpectedly. This could lead to confusion among users and, inadvertently, the granting of permissions that the user did not intend to grant...

Astra Linux – Vulnerability in Firefox

A website could have obscured the fullscreen notification by using an option element, introducing a delay through a costly computational process. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox versions earlier than 115...

Astra Linux – Vulnerability in Firefox and Thunderbird

When resizing a popup after requesting fullscreen access, the popup does not display the fullscreen notification. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91.7...

Astra Linux – Vulnerability in Firefox and Thunderbird

A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 112, Focus for Android 112,...

Astra Linux – Vulnerability in Firefox and Thunderbird

When exiting fullscreen mode, an iframe could mislead the browser regarding the current state of fullscreen, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

Astra Linux – Vulnerability in Firefox, Thunderbird

Through a series of maneuvers, Firefox could have entered fullscreen mode without notifying or warning the user. This could lead to spoofing attacks on the browser interface, including phishing attempts. This vulnerability affects Firefox versions earlier than 94, Thunderbird versions earlier tha...

Astra Linux – Vulnerability in Firefox, Thunderbird

A website could have obscured the fullscreen notification by using a URL that was processed by an external program, such as a mailto URL. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbi...

Astra Linux – Vulnerability in Firefox, Thunderbird

Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt. This results in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

Astra Linux – Vulnerability in Thunderbird, Firefox

By confusing the browser, the fullscreen notification could have been delayed or suppressed, leading to potential user confusion or spoofing attacks. This vulnerability affects Firefox versions earlier than 108...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Firefox and Thunderbird

By misusing a race in our notification code, an attacker could have forcibly hide notifications for pages that had received full-screen and pointer-lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Fedora 43 : chromium (2026-c5c0986fb6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c5c0986fb6 advisory. Update to 149.0.7827.102 CVE-2026-11628: Use after free in Ozone CVE-2026-11629: Use after free in Ozone CVE-2026-11630: Use after free in File Inpu...

SUSE CVE-2026-11648

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2026-35248

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...