CVE-2025-1018
Published: 04 February 2025
Summary
CVE-2025-1018 is a medium-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in Mozilla Firefox. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Masquerading (T1036). The CVE ranks at the 39.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the fullscreen notification vulnerability by requiring timely updates to Firefox and Thunderbird version 135 or later.
Ensures organizations receive and act on Mozilla security advisories like MFSA 2025-07 to apply fixes for this specific CVE.
Detects deployed instances of vulnerable Firefox and Thunderbird versions prior to 135 through vulnerability scanning.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Fullscreen notification spoofing directly enables UI masquerading to deceive users.
NVD Description
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.
Deeper analysis
CVE-2025-1018 is a vulnerability in the fullscreen notification handling mechanism within Mozilla Firefox and Thunderbird. The issue occurs when the fullscreen notification is prematurely hidden upon quick re-requests for fullscreen by the user, enabling a potential spoofing attack. This flaw affects versions of Firefox and Thunderbird prior to 135 and is associated with CWE-1021, with a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges or specific user interaction beyond normal browser usage. Successful exploitation allows attackers to achieve low-impact integrity violations through spoofing, such as manipulating fullscreen notifications to deceive users.
Mozilla fixed this vulnerability in Firefox 135 and Thunderbird 135. Mitigation details are provided in security advisories MFSA 2025-07 and MFSA 2025-11, along with the Bugzilla entry at https://bugzilla.mozilla.org/show_bug.cgi?id=1910818.
Details
- CWE(s)