Firefox <112 Fullscreen Notification Spoofing via window.open
CVE-2023-29533 Published on June 2, 2023

A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

NVD

Products Associated with CVE-2023-29533

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-29533 are published in these products:

Canonical Ubuntu Linux

Mozilla Thunderbird

Mozilla Focus

Mozilla FireFox Extended Support Release (ESR)

Mozilla Firefox

Affected Versions

Mozilla Firefox:

Version unspecified and below 112 is affected.

Mozilla Focus for Android:

Version unspecified and below 112 is affected.

Mozilla Firefox ESR:

Version unspecified and below 102.10 is affected.

Mozilla Firefox for Android:

Version unspecified and below 112 is affected.

Mozilla Thunderbird:

Version unspecified and below 102.10 is affected.

Exploit Probability

EPSS

0.13%

Percentile

32.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Firefox <112 Fullscreen Notification Spoofing via window.openCVE-2023-29533 Published on June 2, 2023

Products Associated with CVE-2023-29533

Affected Versions

Exploit Probability

Firefox <112 Fullscreen Notification Spoofing via window.open
CVE-2023-29533 Published on June 2, 2023