CVE-2022-22743UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021UI Misrepresentation / Clickjacking13 documents8 sources
Severity
4.3MEDIUMNVD
OSV8.8
EPSS
0.4%
top 37.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedDec 22

Description

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified96
NVDmozilla/firefox< 96.0
CVEListV5mozilla/firefox_esrunspecified91.5
CVEListV5mozilla/thunderbirdunspecified91.5

🔴Vulnerability Details

4
OSV
CVE-2022-22743: When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fulls2022-12-22
GHSA
GHSA-3hgj-xg7g-48mq: When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fulls2022-12-22
CVEList
CVE-2022-22743: When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fulls2022-12-22
OSV
thunderbird vulnerabilities2022-01-21

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2022-01-21
Ubuntu
Thunderbird vulnerabilities2022-01-21
Ubuntu
Firefox vulnerabilities2022-01-13
Red Hat
Mozilla: Browser window spoof using fullscreen mode2022-01-11
Debian
CVE-2022-22743: firefox - When navigating from inside an iframe while requesting fullscreen access, an att...2022
CVE-2022-22743 — UI Misrepresentation / Clickjacking | cvebase