Spoofing Issue in Mozilla Firefox and Thunderbird
CVE-2025-1018

Currently unrated

Key Information:

Vendor
Mozilla
Status
Firefox
Thunderbird
Vendor
CVE Published:
4 February 2025

Summary

A vulnerability exists in Mozilla Firefox and Thunderbird where the fullscreen notification is hidden too quickly when the user re-requests fullscreen mode. This flaw could be exploited to execute potential spoofing attacks, compromising user trust and security. Users of Firefox version 135 and earlier, as well as Thunderbird version 135 and earlier, should take precautions to safeguard their systems from possible exploitation.

Affected Version(s)

Firefox < 135

Thunderbird < 135

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1910818
https://www.mozilla.org/security/advisories/mfsa2025-07/
https://www.mozilla.org/security/advisories/mfsa2025-11/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Irvan Kurniawan
.