Forum
CVE-2023-25730 - Thunderbird, Firefox
Zitat von MITs Forum am 2. Juni 2023, 0:00 UhrA background script invoking
requestFullscreen
and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.References
https://bugzilla.mozilla.org/show_bug.cgi?id=1794622
https://www.mozilla.org/security/advisories/mfsa2023-05/
https://www.mozilla.org/security/advisories/mfsa2023-06/
https://www.mozilla.org/security/advisories/mfsa2023-07/
A background script invoking requestFullscreen
and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1794622
https://www.mozilla.org/security/advisories/mfsa2023-05/
https://www.mozilla.org/security/advisories/mfsa2023-06/
https://www.mozilla.org/security/advisories/mfsa2023-07/