However, O'Callahan said that Mozilla is concerned about security issues, for example about the fact that a user will not see the URL of a service in full-screen mode.
The engineer suggested that Mozilla could go different routes to make full-screen scenarios more secure, for example by enabling full-screen modes only through a manual user request and providing a pop-up window.
"We can make sure that when going full-screen, we display a clear message describing how to leave full-screen - like Flash does, but hopefully better, O'Callahan wrote. "Then if a malicious page goes full-screen when the user didn't want to, the user will probably exit full-screen immediately."
More problematic are spoofing attacks that occur when a full-screen window is already opened. However, O'Callahan says that "most spoofing attacks require user input that the browser can detect" in which cases the URL bar could be shown. But even there appear to be issues, as especially games are designed to be in full-screen mode all the time "while receiving the full range of user input."
Mozilla does not have a solution for this problem and is asking security researchers for feedback.
AMD B850 motherboard pricing leaks at Amazon's overseas store — Gigabyte B850 boards listed between $240 and $308
$1,600 aluminum Icebreaker keyboard breaks the bank — sports metal chassis, keycaps with 800 micro-perforations, and VIA support
Intel Arc B580 GPU with two M.2 slots smiles for the camera — Maxsun GPU offers storage expansion for two PCIe 4.0 SSDs
