CVE-2022-26383 — User Interface (UI) Misrepresentation of Critical Information in Mozilla Firefox

CWE-451 — User Interface (UI) Misrepresentation of Critical Information CWE-449 — The UI Performs the Wrong Action17 documents8 sources

Severity

4.3MEDIUMNVD

OSV8.8

EPSS

0.3%

top 50.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedDec 22

Description

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages9 packages

▶CVEListV5mozilla/firefoxunspecified — 98

▶NVDmozilla/firefox< 98.0

▶CVEListV5mozilla/firefox_esrunspecified — 91.7

▶NVDmozilla/firefox_esr< 91.7

▶Ubuntumozilla/firefox< 98.0.1+build2-0ubuntu0.18.04.1+5

🔴Vulnerability Details

CVEList

CVE-2022-26383: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification↗2022-12-22

▶

OSV

CVE-2022-26383: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification↗2022-12-22

▶

GHSA

GHSA-3gfr-938g-v48x: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification↗2022-12-22

▶

OSV

firefox regressions↗2022-03-24

▶

OSV

thunderbird vulnerabilities↗2022-03-23

▶

📋Vendor Advisories

Ubuntu

Firefox regressions↗2022-03-24

▶

Ubuntu

Thunderbird vulnerabilities↗2022-03-23

▶

Ubuntu

Firefox vulnerabilities↗2022-03-17

▶

Ubuntu

Firefox vulnerabilities↗2022-03-10

▶

Red Hat

Mozilla: Browser window spoof using fullscreen mode↗2022-03-08

▶