This week, Mozilla released Firefox 110 and Firefox ESR 102.8 with updates for 10 critical vulnerabilities. The first security flaw, identified as CVE-2023-25728, could allow an attacker to obtain the unredacted URI of a child iframe if a redirect is triggered when interacting with that iframe.
The most recent versions of Firefox also fix a screen hijacking problem related to browser fullscreen mode. The problem, identified as CVE-2023-25730, arises because a background script may force fullscreen mode by invoking it and then blocking the main thread.