CVE-2022-22746 — Race Condition in Mozilla Firefox
Severity
5.9MEDIUMNVD
EPSS
0.1%
top 69.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 22
Latest updateJan 6
Description
A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages6 packages
🔴Vulnerability Details
3GHSA▶
GHSA-4fpj-fh6q-hx4r: A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed↗2022-12-22
OSV▶
CVE-2022-22746: A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed↗2022-12-22
CVEList▶
CVE-2022-22746: A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed↗2022-12-22
📋Vendor Advisories
5Debian▶
CVE-2022-22746: firefox - A race condition could have allowed bypassing the fullscreen notification which ...↗2022
💬Community
1Bugzilla
▶