CVE-2023-25743: 
Mozilla Firefox vulnerability analysis and mitigation

CVE-2023-25743 is a security vulnerability discovered in Firefox Focus that involves a lack of in-app notification when entering fullscreen mode. The vulnerability was disclosed on February 14, 2023, and affects Firefox Focus versions prior to 110. This security flaw is specific to Firefox Focus, with other versions of Firefox being unaffected (Mozilla Advisory).

The vulnerability stems from the absence of a notification system when a webpage enters fullscreen mode in Firefox Focus. This implementation flaw could allow a malicious website to spoof browser chrome without user awareness. The vulnerability has been assigned a high severity rating, with a CVSS v3.1 base score of 7.5 (HIGH) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability could enable a malicious website to conduct spoofing attacks by entering fullscreen mode without the user being notified, potentially leading to browser chrome spoofing. This could allow attackers to create convincing phishing interfaces or fake browser interfaces to deceive users (Mozilla Advisory).

The vulnerability was fixed in Firefox Focus version 110. Mozilla implemented a patch that adds a fullscreen notification banner similar to other Firefox versions. The fix was verified across multiple Android devices, including Google Pixel 6 (Android 13), Lenovo tablet M10 (Android 10), HTC 10 (Android 8), Samsung Galaxy Note 8 (Android 9), Oppo Reno 6 (Android 12), and Oppo Find X3 Lite (Android 11) (Mozilla Bug).