CVE-2023-25743

Summary

A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>This bug only affects Firefox Focus. Other versions of Firefox are unaffected.. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 110affected
MozillaFirefox ESRunspecified < 102.8affected

Weaknesses

  • Fullscreen notification not shown in Firefox Focus

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References