CVE-2025-1018
published 2025-02-04CVE-2025-1018: The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 135.0-1 (sid) | firefox 135.0-1 (sid) |
| mozilla | firefox | < 135.0 | 135.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 135.0+build2-0ubuntu0.20.04.1 | 135.0+build2-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:140.7.1+build1-0ubuntu0.22.04.1 | 1:140.7.1+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= 131.0 < 135.0 | 135.0 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv9.8CRITICAL