CVE-2025-1019
published 2025-02-04CVE-2025-1019: The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 135.0-1 (sid) | firefox 135.0-1 (sid) |
| mozilla | firefox | < 135.0 | 135.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 135.0+build2-0ubuntu0.20.04.1 | 135.0+build2-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:140.7.1+build1-0ubuntu0.22.04.1 | 1:140.7.1+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= 131.0 < 135.0 | 135.0 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv9.8CRITICAL