Firefox fixes fullscreen notification bypass bug that could have led to convincing phishing campaigns


The vulnerability (CVE202222746), which existed in Windows versions of Firefox, is a race condition bug that could cause the browser’s fullscreen notification warning to be ignored.

Controlling a fullscreen browser window without the user’s knowledge allows the attacker to spoof the URL address bar of a legitimate site – something that is normally controlled by the browser, along with other ‘above the line’ trust indicators.

Read More…