CVE-2022-22741UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021UI Misrepresentation / Clickjacking13 documents8 sources
Severity
7.5HIGHNVD
OSV8.8
EPSS
0.5%
top 35.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedDec 22

Description

When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified96
NVDmozilla/firefox< 96.0
CVEListV5mozilla/firefox_esrunspecified91.5
CVEListV5mozilla/thunderbirdunspecified91.5

🔴Vulnerability Details

4
CVEList
CVE-2022-22741: When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode2022-12-22
GHSA
GHSA-3799-j5gp-4x56: When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode2022-12-22
OSV
CVE-2022-22741: When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode2022-12-22
OSV
thunderbird vulnerabilities2022-01-21

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2022-01-21
Ubuntu
Thunderbird vulnerabilities2022-01-21
Ubuntu
Firefox vulnerabilities2022-01-13
Red Hat
Mozilla: Browser window spoof using fullscreen mode2022-01-11
Debian
CVE-2022-22741: firefox - When resizing a popup while requesting fullscreen access, the popup would have b...2022
CVE-2022-22741 — UI Misrepresentation / Clickjacking | cvebase