CVE-2025-1018

HIGH Year: 2025
CVSS v3 Score
7.3
High
Weakness Type
CWE-1021
View all →

Vulnerability Description

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.

Related Vulnerabilities

CVE-2019-2125

HIGH
CVSS:7.3(High)

In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without th...

CWE-10212019

CVE-2021-0314

HIGH
CVSS:7.3(High)

In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with ...

CWE-10212021

CVE-2021-0315

HIGH
CVSS:7.3(High)

In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local e...

CWE-10212021

CVE-2021-0331

HIGH
CVSS:7.3(High)

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification acces...

CWE-10212021

CVE-2021-0333

HIGH
CVSS:7.3(High)

In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting...

CWE-10212021

CVE-2021-0446

HIGH
CVSS:7.3(High)

In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User ...

CWE-10212021