CVE-2022-22739UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021UI Misrepresentation / Clickjacking13 documents8 sources
Severity
6.5MEDIUMNVD
OSV8.8
EPSS
0.4%
top 36.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedDec 22

Description

Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified96
NVDmozilla/firefox< 96.0
CVEListV5mozilla/firefox_esrunspecified91.5
CVEListV5mozilla/thunderbirdunspecified91.5

🔴Vulnerability Details

4
CVEList
CVE-2022-22739: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol2022-12-22
GHSA
GHSA-vpvf-2qgj-mm25: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol2022-12-22
OSV
CVE-2022-22739: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol2022-12-22
OSV
thunderbird vulnerabilities2022-01-21

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2022-01-21
Ubuntu
Thunderbird vulnerabilities2022-01-21
Ubuntu
Firefox vulnerabilities2022-01-13
Red Hat
Mozilla: Missing throttling on external protocol launch dialog2022-01-11
Debian
CVE-2022-22739: firefox - Malicious websites could have tricked users into accepting launching a program t...2022
CVE-2022-22739 — UI Misrepresentation / Clickjacking | cvebase