Thunderbird and Firefox are vulnerable to spoofing attack. The vulnerability exists due to a misuse of a race in the notification code allowing an attacker to forcefully hide the notification for pages that had received full screen and pointer lock access.
access.redhat.com/errata/RHSA-2021:5013
access.redhat.com/security/updates/classification/#important
bugzilla.mozilla.org/show_bug.cgi?id=1739091
bugzilla.redhat.com/show_bug.cgi?id=2030109
lists.debian.org/debian-lts-announce/2021/12/msg00030.html
lists.debian.org/debian-lts-announce/2022/01/msg00001.html
security.gentoo.org/glsa/202202-03
security.gentoo.org/glsa/202208-14
www.debian.org/security/2021/dsa-5026
www.debian.org/security/2022/dsa-5034
www.mozilla.org/security/advisories/mfsa2021-52/
www.mozilla.org/security/advisories/mfsa2021-53/
www.mozilla.org/security/advisories/mfsa2021-54/