39 matches found
Astra Linux - уязвимость в firefox, thunderbird
Through a series of maneuvers, Firefox could have entered fullscreen mode without notifying or warning the user. This could lead to spoofing attacks on the browser interface, including phishing attempts. This vulnerability affects Firefox versions earlier than 94, Thunderbird versions earlier tha...
Astra Linux - уязвимость в firefox, thunderbird
Through a series of window.print calls and popups, an attacker can make a window become fullscreen without the user seeing the notification prompt. This can lead to potential confusion among users or be used in spoofing attacks. This vulnerability affects Firefox ESR version 102.5, Thunderbird...
Astra Linux - уязвимость в firefox, thunderbird
A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox 112, Focus for Android 112,...
CVE-2026-8561
The CVE-2026-8561 entry concerns Google Chrome (Chromium-based) and its Fullscreen UI: an incorrect security UI in Fullscreen allowed a remote attacker to spoof UI via a crafted HTML page. Transcripted details across sources confirm the vulnerable component is the fullscreen security UI, with the...
Astra Linux - уязвимость в firefox
The fullscreen notification is prematurely hidden when the user quickly requests fullscreen again. This vulnerability could have been exploited to carry out a spoofing attack. This issue has been fixed in Firefox 135 and Thunderbird 135...
CVE-2025-13132 Dia: Increased Spoof Risk; Missing full screen toast
This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification toast appearing. Without this notification, users could potentially be misled about what site they were on if a malicious site renders a fake UI like a fake address bar...
CVE-2025-13132
CVE-2025-13132 affects the "dia" browser (Red Hat/Dia references) where a flaw allows entering fullscreen after a user click without showing the fullscreen notification toast. This could let a malicious site spoof the UI (e.g., fake address bar). Root cause: lack of fullscreen notification. Impac...
TencentOS Server 3: thunderbird (TSSA-2023:0054)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0054 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Mozilla Firefox < 56.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 56.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-21 advisory. - Mozilla developers and community members Christian Holler, Jason Kratzer, Tobias Schneider, Tyson Smith, Davi...
CVE-2024-13178
Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2025-12444
Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Linux Distros Unpatched Vulnerability : CVE-2021-38506
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on...
Linux Distros Unpatched Vulnerability : CVE-2022-29914
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This...
Linux Distros Unpatched Vulnerability : CVE-2022-45404
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Through a series of popup and window.print calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in...
Linux Distros Unpatched Vulnerability : CVE-2024-1548
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing...
Mozilla Firefox < 135.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 135.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-07 advisory. - Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory...
SUSE CVE-2025-0440
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2025-0440
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Important: firefox
Issue Overview: When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. CVE-2024-1546 Through a series of API calls and...
Important: thunderbird
Issue Overview: When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. CVE-2024-1546 Through a series of API calls and...