First published: Tue Apr 11 2023(Updated: )
A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox ESR | <102.10 | 102.10 |
Mozilla Thunderbird | <102.10 | 102.10 |
Mozilla Firefox | <112 | 112 |
All of | ||
Mozilla Firefox | =112 | |
Google Android | ||
All of | ||
Mozilla Focus | =112 | |
Google Android | ||
Mozilla Firefox | <112.0 | |
Mozilla Firefox | <112.0 | |
Mozilla Firefox ESR | <102.10 | |
Mozilla Focus | <112.0 | |
Mozilla Thunderbird | <102.10 | |
debian/firefox | 131.0-1 | |
debian/firefox-esr | 115.14.0esr-1~deb11u1 128.3.0esr-1~deb11u2 115.14.0esr-1~deb12u1 128.3.0esr-1~deb12u1 115.15.0esr-1 128.3.0esr-2 | |
debian/thunderbird | 1:115.12.0-1~deb11u1 1:115.15.0-1~deb11u1 1:115.12.0-1~deb12u1 1:115.15.0-1~deb12u1 1:128.2.0esr-1 1:128.3.0esr-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2023-29533.
The severity level of CVE-2023-29533 is high.
CVE-2023-29533 affects Mozilla Thunderbird, Firefox, Firefox ESR, and Google Android.
CVE-2023-29533 can be exploited by obscuring the fullscreen notification using window.open, fullscreen requests, window.name assignments, and setInterval calls.
You can find more information about CVE-2023-29533 on the Mozilla Bugzilla and Mozilla Security Advisories websites.