CVE-2026-45150

Summary

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and combine with long-domain URL eliding to spoof a trusted origin for phishing and credential theft. This issue is fixed in version 1.19.13b.

Affected Software

VendorProductVersion RangeStatus
zen-browserdesktop< 1.19.13baffected

Weaknesses

  • CWE-451: CWE-451: User Interface (UI) Misrepresentation of Critical Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References