{"id":"CVE-2023-25730","details":"A background script invoking \u003ccode\u003erequestFullscreen\u003c/code\u003e and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.","modified":"2026-04-16T00:01:34.451861625Z","published":"2023-06-02T17:15:11.097Z","related":["ALSA-2023:0808","ALSA-2023:0810","ALSA-2023:0821","ALSA-2023:0824","SUSE-SU-2023:0461-1","SUSE-SU-2023:0466-1","SUSE-SU-2023:0469-1","SUSE-SU-2023:0599-1","openSUSE-SU-2024:12702-1","openSUSE-SU-2024:12713-1","openSUSE-SU-2024:12753-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1794622"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25730.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"110.0"}]},{"events":[{"introduced":"0"},{"fixed":"102.8"}]},{"events":[{"introduced":"0"},{"fixed":"102.8"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}]}