Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 15 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Zen-browser
Zen-browser desktop |
|
| Vendors & Products |
Zen-browser
Zen-browser desktop |
Wed, 15 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and combine with long-domain URL eliding to spoof a trusted origin for phishing and credential theft. This issue is fixed in version 1.19.13b. | |
| Title | Zen Browser - Missing Fullscreen Security Notification Allows Origin Spoofing | |
| Weaknesses | CWE-451 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-15T17:44:16.341Z
Reserved: 2026-05-08T20:44:38.964Z
Link: CVE-2026-45150
Updated: 2026-07-15T17:44:02.028Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-15T19:15:14Z