CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
70.3%
Different techniques existed to obscure the fullscreen notification in
Firefox and Focus for Android. These could have led to potential user
confusion and spoofing attacks. This bug only affects Firefox and Focus
for Android. Other versions of Firefox are unaffected. This vulnerability
affects Firefox for Android < 112 and Focus for Android < 112.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
rodrigo-zaiden | Android issue only |