Forum
CVE-2023-29533 - Firefox
Zitat von MITs Forum am 2. Juni 2023, 0:00 UhrA website could have obscured the fullscreen notification by using a combination of
window.open
, fullscreen requests,window.name
assignments, andsetInterval
calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.References
https://bugzilla.mozilla.org/show_bug.cgi?id=1798219
https://bugzilla.mozilla.org/show_bug.cgi?id=1814597
https://www.mozilla.org/security/advisories/mfsa2023-13/
https://www.mozilla.org/security/advisories/mfsa2023-14/
https://www.mozilla.org/security/advisories/mfsa2023-15/
A website could have obscured the fullscreen notification by using a combination of window.open
, fullscreen requests, window.name
assignments, and setInterval
calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1798219
https://bugzilla.mozilla.org/show_bug.cgi?id=1814597
https://www.mozilla.org/security/advisories/mfsa2023-13/
https://www.mozilla.org/security/advisories/mfsa2023-14/
https://www.mozilla.org/security/advisories/mfsa2023-15/