1542 matches found
Chromium: CVE-2026-10908 Use after free in FullScreen
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
DEBIAN-CVE-2026-10908
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-10908
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-10908
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-10908
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-10908
CVE-2026-10908 affects Google Chrome on Windows. It is a Use-after-Free in FullScreen handling that, if a renderer process is compromised, could allow a sandbox escape via a crafted HTML page. Google Chrome 149.0.7827.53 (and later) includes fixes. The EUVD/NVD entries corroborate the same vector...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of the FullScreen component after its release, which could allow remote attackers to exploit the...
Astra Linux – Vulnerability in Firefox and Thunderbird
When reusing existing popups, Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
Astra Linux – Vulnerability in Firefox and Thunderbird
Through a series of window.print calls and popups, an attacker can make a window become fullscreen without the user seeing the notification prompt. This can lead to potential confusion among users or be used in spoofing attacks. This vulnerability affects Firefox ESR version 102.5, Thunderbird...
Astra Linux – Vulnerability in Firefox
Form validation popups may capture escape key presses. Therefore, spamming form validation messages can be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox 128 and Thunderbird 128...
Astra Linux – Vulnerability in Firefox and Thunderbird
By misusing a race in our notification code, an attacker could have forcibly hide notifications for pages that had received full-screen and pointer-lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Astra Linux – Vulnerability in Firefox and Thunderbird
A website could have obscured the fullscreen notification by using a URL that was processed by an external program, such as a mailto URL. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbi...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
When resizing a popup after requesting fullscreen access, the popup does not display the fullscreen notification. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91.7...
Astra Linux – Vulnerability in Firefox and Thunderbird
When navigating from within an iframe while requesting fullscreen access, a tab controlled by an attacker could prevent the browser from exiting fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Astra Linux – Vulnerability in Firefox and Thunderbird
Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt. This results in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux – Vulnerability in Firefox and Thunderbird
When exiting fullscreen mode, an iframe could mislead the browser regarding the current state of fullscreen, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
Astra Linux – Vulnerability in Firefox and Thunderbird
A malicious website could have used a combination of the fullscreen mode and the requestPointerLock function to cause the user’s mouse to be repositioned unexpectedly. This could lead to confusion among users and, inadvertently, the granting of permissions that the user did not intend to grant...
Astra Linux – Vulnerability in Firefox and Thunderbird
Through a series of maneuvers, Firefox could have entered fullscreen mode without notifying or warning the user. This could lead to spoofing attacks on the browser interface, including phishing attempts. This vulnerability affects Firefox versions earlier than 94, Thunderbird versions earlier tha...