Spoofing Issue in Mozilla Firefox and Thunderbird
CVE-2025-1018

5.3MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 4 February 2025

Summary

A vulnerability exists in Mozilla Firefox and Thunderbird where the fullscreen notification is hidden too quickly when the user re-requests fullscreen mode. This flaw could be exploited to execute potential spoofing attacks, compromising user trust and security. Users of Firefox version 135 and earlier, as well as Thunderbird version 135 and earlier, should take precautions to safeguard their systems from possible exploitation.

Affected Version(s)

Firefox < 135

Thunderbird < 135

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1910818

https://www.mozilla.org/security/advisories/mfsa2025-07/

https://www.mozilla.org/security/advisories/mfsa2025-11/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Feb 4, 2025

Credit

Irvan Kurniawan