Full-Screen Spoofing Vulnerability in Firefox, Thunderbird, and Firefox ESR

Full-Screen Spoofing Vulnerability in Firefox, Thunderbird, and Firefox ESR

CVE-2021-38506 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Learn more about our Phishing Simulation.