Vulnerabilities > CVE-2025-1018 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
mozilla
CWE-1021
NVD
Published: 2025-02-04
Updated: 2025-02-06

Summary

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.

Vulnerable Configurations

Part Description Count
Application
Mozilla
182

Common Weakness Enumeration (CWE)

References