Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-q4xw-urcg-83bw
Vulnerability ID VCID-q4xw-urcg-83bw
Aliases CVE-2012-0460
Summary Mozilla developer Matt Brubeck reported that window.fullScreen is writeable by untrusted content now that the DOM fullscreen API is enabled. Because window.fullScreen does not include mozRequestFullscreen's security protections, it could be used for UI spoofing. This code change makes window.fullScreen read only by untrusted content, forcing the use of the DOM fullscreen API in normal usage. Firefox 3.6 and Thunderbird 3.1 are not affected by this vulnerability.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.01798 https://api.first.org/data/v1/epss?cve=CVE-2012-0460
generic_textual none https://www.mozilla.org/en-US/security/advisories/mfsa2012-18
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0460.json
https://api.first.org/data/v1/epss?cve=CVE-2012-0460
803111 https://bugzilla.redhat.com/show_bug.cgi?id=803111
CVE-2012-0460 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2012-18 https://www.mozilla.org/en-US/security/advisories/mfsa2012-18
RHSA-2012:0387 https://access.redhat.com/errata/RHSA-2012:0387
RHSA-2012:0388 https://access.redhat.com/errata/RHSA-2012:0388
USN-1400-1 https://usn.ubuntu.com/1400-1/
USN-1400-3 https://usn.ubuntu.com/1400-3/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.83093
EPSS Score 0.01798
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:27:26.662030+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2012/mfsa2012-18.md 38.6.0