Confusion and Spoofing Vulnerability in Fullscreen Mode Exiting

Confusion and Spoofing Vulnerability in Fullscreen Mode Exiting

CVE-2022-31738 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Learn more about our User Device Pen Test.