7.3

CVE-2025-1018

Fullscreen notification is not displayed when fullscreen is re-requested

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEdition- Version < 135.0
MozillaThunderbird SwEdition- Version >= 131.0 < 135.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.321
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

https://www.mozilla.org/security/advisories/mfsa2025-11/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-07/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1910818
Permissions Required