However, O'Callahan said that Mozilla is concerned about security issues, for example about the fact that a user will not see the URL of a service in full-screen mode.
The engineer suggested that Mozilla could go different routes to make full-screen scenarios more secure, for example by enabling full-screen modes only through a manual user request and providing a pop-up window.
"We can make sure that when going full-screen, we display a clear message describing how to leave full-screen - like Flash does, but hopefully better, O'Callahan wrote. "Then if a malicious page goes full-screen when the user didn't want to, the user will probably exit full-screen immediately."
More problematic are spoofing attacks that occur when a full-screen window is already opened. However, O'Callahan says that "most spoofing attacks require user input that the browser can detect" in which cases the URL bar could be shown. But even there appear to be issues, as especially games are designed to be in full-screen mode all the time "while receiving the full range of user input."
Mozilla does not have a solution for this problem and is asking security researchers for feedback.