Vulnerabilities > CVE-2020-26953 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1656741
- https://bugzilla.mozilla.org/show_bug.cgi?id=1656741
- https://www.mozilla.org/security/advisories/mfsa2020-50/
- https://www.mozilla.org/security/advisories/mfsa2020-50/
- https://www.mozilla.org/security/advisories/mfsa2020-51/
- https://www.mozilla.org/security/advisories/mfsa2020-51/
- https://www.mozilla.org/security/advisories/mfsa2020-52/
- https://www.mozilla.org/security/advisories/mfsa2020-52/