CVE-2023-29534
Description
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks.
*This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In Firefox for Android and Focus for Android, multiple techniques could obscure the fullscreen notification, enabling user confusion and spoofing attacks.
Vulnerability
Multiple techniques existed in Firefox for Android and Focus for Android that could obscure the fullscreen notification toast. These include using an HTML select element to trigger a floating panel [1], launching an Android intent (e.g., Google Assistant) via a URI [3], and having the system keyboard appear in landscape mode [4]. All methods could hide the fullscreen notification from the user. Affected versions: Firefox for Android < 112 and Focus for Android < 112 [2].
Exploitation
An attacker hosts a malicious webpage and entices the user to visit it on the affected browser. The page triggers a fullscreen request while simultaneously launching another UI element (select dropdown, intent prompt, or keyboard) that overlays the fullscreen notification. For example, clicking a button can trigger both fullscreen and select option dialogs simultaneously [1]. The user may not see the fullscreen notification and could be presented with a spoofed interface.
Impact
Successful exploitation allows an attacker to obscure the fullscreen notification, leading to user confusion and potential spoofing attacks. The user may be tricked into granting permissions (e.g., camera, microphone) or interacting with a fake UI, thinking they are in a normal page context [2].
Mitigation
This vulnerability is fixed in Firefox for Android 112 and Focus for Android 112 [2]. Users should update their browsers to these versions or later. No other workarounds are available, as the fix involves redesigning the fullscreen notification mechanism [1][4].
- [1] 1816059 - (CVE-2023-29534) Obscuring the Full-Screen Toast in Android Through the Select Tag
- [2] Security Vulnerabilities fixed in Firefox 112, Firefox for Android 112, Focus for Android 112
- [3] 1816007 - Obscuring Full-Screen Toast in Android Through Google Assistant URI
- [4] 1821155 - keyboard layout hides fullscreen notification on landscape mode on firefoxfocus, leads to spoof
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
<112 + 1 more
- (no CPE) range: <112
- (no CPE) range: unspecified
<112 + 1 more
- (no CPE) range: <112
- (no CPE) range: unspecified
- osv-coords (2 versions): pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed, pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1 + 1 more
- (no CPE) range: < 128.5.1-1.1
- (no CPE) range: < 112.0.1-1.1
Patches
1770b09a76b5e Version bump to 112.0
5 files changed · +5 −5
Blockzilla/Info.plist+1 −1 modified@@ -15,7 +15,7 @@ <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> - <string>9000</string> + <string>112.0</string> <key>CFBundleSignature</key> <string>????</string> <key>CFBundleURLTypes</key>
ContentBlocker/Info.plist+1 −1 modified@@ -17,7 +17,7 @@ <key>CFBundlePackageType</key> <string>XPC!</string> <key>CFBundleShortVersionString</key> - <string>9000</string> + <string>112.0</string> <key>CFBundleSignature</key> <string>????</string> <key>CFBundleVersion</key>
FocusIntentExtension/Info.plist+1 −1 modified@@ -17,7 +17,7 @@ <key>CFBundlePackageType</key> <string>XPC!</string> <key>CFBundleShortVersionString</key> - <string>9000</string> + <string>112.0</string> <key>CFBundleVersion</key> <string>1</string> <key>NSExtension</key>
OpenInFocus/Info.plist+1 −1 modified@@ -17,7 +17,7 @@ <key>CFBundlePackageType</key> <string>XPC!</string> <key>CFBundleShortVersionString</key> - <string>9000</string> + <string>112.0</string> <key>CFBundleVersion</key> <string>1</string> <key>NSExtension</key>
Widgets/Info.plist+1 −1 modified@@ -3,7 +3,7 @@ <plist version="1.0"> <dict> <key>CFBundleShortVersionString</key> - <string>9000</string> + <string>112.0</string> <key>NSExtension</key> <dict> <key>NSExtensionPointIdentifier</key>
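Review bot: every hunk in this commit changes only the CFBundleShortVersionString value, from 9000 to 112.0, in an Info.plist (Blockzilla, ContentBlocker, FocusIntentExtension, OpenInFocus, Widgets), and none of the changed lines touch fullscreen notification handling. Info.plist files with CFBundle keys are Apple bundle metadata, while the description above says the bug only affects the Android builds, so this commit reads as a release version bump and should not be used to judge what the fix changed or to confirm that a build is patched. As a style point, the same literal is edited by hand in five files; sourcing it from one shared build setting would keep the bundles from drifting apart on the next bump.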
References
- bugzilla.mozilla.org/show_bug.cgi (mitre)
- www.mozilla.org/security/advisories/mfsa2023-13/ (mitre)