CVE-2023-25730
Advisory lineage Upstream: 0 Downstream: 33
Modified
Published: 02 Jun 2023, 00:00
Last modified: 10 Jan 2025, 17:32
Vulnerability Summary
Overall Risk (default)
low
22/100
CVSS Score
5.4 MEDIUM
v3.1 (cve.org)
EPSS Score
0.11% LOW
0% probability +0.01%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
02 Jun 2023, 00:00
Published
Vulnerability first disclosed
10 Jan 2025, 17:32
Last Modified
Vulnerability information updated
Description
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.4•CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Trends
Current EPSS score: 0.11% • Percentile: 28%
Techniques & Countermeasures
- CWE-1021•Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
Affected Systems
- mozilla•firefox
< 110.0 | ≥ unspecified, < 110
- mozilla•firefox_esr
< 102.8 | ≥ unspecified, < 102.8
- mozilla•thunderbird
< 102.8 | ≥ unspecified, < 102.8