A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 115.0 (excluding) |
Firefox_esr | Mozilla | * | 102.13 (excluding) |
Thunderbird | Mozilla | * | 102.13 (excluding) |