22 matches found
CVE-2025-13132
CVE-2025-13132 affects the "dia" browser (Red Hat/Dia references) where a flaw allows entering fullscreen after a user click without showing the fullscreen notification toast. This could let a malicious site spoof the UI (e.g., fake address bar). Root cause: lack of fullscreen notification. Impac...
EUVD-2020-1927
Malware in sbrugna...
CVE-2023-40120
In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21191
In fixNotification of NotificationManagerService.java, there is a possible bypass of notification hide preference due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
RHEL 9 : thunderbird (RHSA-2023:0476)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0476 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fixes: Mozilla:...
Mozilla: Fullscreen notification bypass
The Mozilla Foundation Security Advisory describes this flaw as: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks...
RHEL 9 : firefox (RHSA-2023:0285)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0285 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
CVE-2023-22488
CVE-2023-22488 affects Flarum core notification logic. The vulnerability stems from the notification-sending flow not validating that the notification subject is visible to the recipient, enabling reading of restricted/private content via subscriptions. Impact includes leakage of posts (including...
DEBIAN-CVE-2022-45408
Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
CVE-2022-38474
A website that had permission to access the microphone could record audio without the audio notification being shown. This bug does not allow the attacker to bypass the permission prompt - it only affects the notification shown once permission has been granted. This bug only affects Firefox for...
Mozilla: Fullscreen notification bypass via windowName
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks...
RHEL 8 : thunderbird (RHSA-2022:8547)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8547 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Security Fixes: Mozilla:...
CVE-2022-20266
In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed fo...
ASB-A-209965481
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing...
Design/Logic Flaw
Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page...
CVE-2020-6504
Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page...
CVE-2019-2219
In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:1504-1)
Mozilla Firefox was updated to 38.2.1 ESR, fixing two severe security bugs (bsc943608): MFSA 2015-94/CVE-2015-4497 (bsc943557): Use-after-free when resizing canvas element during restyling; MFSA 2015-95/CVE-2015-4498 (bsc943558): Add-on notification bypass through data URLs. Note that Tenable Network...
FreeBSD : mozilla -- multiple vulnerabilities (237a201c-888b-487f-84d3-7d92266381d6)
The Mozilla Project reports: MFSA 2015-95 Add-on notification bypass through data URLs; MFSA 2015-94 Use-after-free when resizing canvas element during restyling. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...