Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2012-18

window.fullScreen writeable by untrusted content

March 13, 2012
Matt Brubeck
Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in
  • Firefox 11
  • Firefox ESR 10.0.3
  • SeaMonkey 2.8
  • Thunderbird 11
  • Thunderbird ESR 10.0.3


Mozilla developer Matt Brubeck reported that window.fullScreen is writeable by untrusted content now that the DOM fullscreen API is enabled. Because window.fullScreen does not include mozRequestFullscreen's security protections, it could be used for UI spoofing. This code change makes window.fullScreen read only by untrusted content, forcing the use of the DOM fullscreen API in normal usage.

Firefox 3.6 and Thunderbird 3.1 are not affected by this vulnerability.