CVE-2026-45150

Source
https://cve.org/CVERecord?id=CVE-2026-45150
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45150.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45150
Aliases
  • GHSA-vjfv-85qf-v25c
Published
2026-07-15T15:35:17.010Z
Modified
2026-07-17T03:41:53.875010756Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N CVSS Calculator
Summary
Zen Browser - Missing Fullscreen Security Notification Allows Origin Spoofing
Details

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and combine with long-domain URL eliding to spoof a trusted origin for phishing and credential theft. This issue is fixed in version 1.19.13b.

Database specific
{
    "cwe_ids": [
        "CWE-451"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45150.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/zen-browser/desktop

Affected ranges

Type
GIT
Repo
https://github.com/zen-browser/desktop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.19.13b"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

0.*
0.0.0-a.1
1.*
1.0.0-a.1
1.0.0-a.10
1.0.0-a.11
1.0.0-a.12
1.0.0-a.13
1.0.0-a.14
1.0.0-a.15
1.0.0-a.16
1.0.0-a.2
1.0.0-a.23
1.0.0-a.24
1.0.0-a.26
1.0.0-a.27
1.0.0-a.29
1.0.0-a.3
1.0.0-a.30
1.0.0-a.31
1.0.0-a.32
1.0.0-a.33
1.0.0-a.34
1.0.0-a.35
1.0.0-a.39
1.0.0-a.4
1.0.0-a.5
1.0.0-a.6
1.0.0-a.7
1.0.0-a.8
1.0.0-a.9
1.0.1-a.1
1.0.1-a.10
1.0.1-a.11
1.0.1-a.12
1.0.1-a.13
1.0.1-a.14
1.0.1-a.15
1.0.1-a.16
1.0.1-a.17
1.0.1-a.18
1.0.1-a.19
1.0.1-a.2
1.0.1-a.20
1.0.1-a.21
1.0.1-a.3
1.0.1-a.4
1.0.1-a.5
1.0.1-a.6
1.0.1-a.7
1.0.1-a.8
1.0.1-a.9
1.0.2-b.0
1.0.2-b.1
1.0.2-b.2
1.0.2-b.3
1.0.2-b.4
1.0.2-b.5
1.10.3b
1.10b
1.11.1b
1.11.4b
1.11.5b
1.11b
1.12.10b
1.12.2b
1.12.3b
1.12.4b
1.12.5b
1.12.6b
1.12.7b
1.12.8b
1.12.9b
1.12b
1.13.1b
1.13.2b
1.13b
1.14.10b
1.14.11b
1.14.1b
1.14.2b
1.14.3b
1.14.4b
1.14.5b
1.14.6b
1.14.8b
1.14.9b
1.14b
1.15.2b
1.15.3b
1.15.4b
1.15.5b
1.16.1b
1.16.3b
1.16.4b
1.16b
1.17.10b
1.17.11b
1.17.12b
1.17.13b
1.17.14b
1.17.15b
1.17.1b
1.17.2b
1.17.3b
1.17.5b
1.17.6b
1.17.7b
1.17.8b
1.17.9b
1.18.10b
1.18.1b
1.18.2b
1.18.3b
1.18.4b
1.18.5b
1.18.6b
1.18.7b
1.18.9b
1.18b
1.19.10b
1.19.11b
1.19.12b
1.19.1b
1.19.2b
1.19.3b
1.19.4b
1.19.5b
1.19.6b
1.19.7b
1.19.8b
1.19.9b
1.19b
1.6b
1.7.1b
1.7.2b
1.7.3b
1.7.4b
1.7.6b
1.7b
1.8.1b
1.8.2b
1.8b
1.9b
Other
twilight-1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45150.json"