CVE-2022-28286UI Misrepresentation / Clickjacking in Mozilla Firefox

CWE-1021UI Misrepresentation / Clickjacking13 documents8 sources
Severity
5.4MEDIUMNVD
OSV6.5
EPSS
0.2%
top 58.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedDec 22

Description

Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages9 packages

CVEListV5mozilla/firefoxunspecified99
NVDmozilla/firefox< 99.0
CVEListV5mozilla/firefox_esrunspecified91.8
Ubuntumozilla/firefox< 99.0+build2-0ubuntu0.18.04.2+1

🔴Vulnerability Details

5
GHSA
GHSA-vr8w-grw2-mv66: Due to a layout change, iframe contents could have been rendered outside of its border2022-12-22
CVEList
CVE-2022-28286: Due to a layout change, iframe contents could have been rendered outside of its border2022-12-22
OSV
CVE-2022-28286: Due to a layout change, iframe contents could have been rendered outside of its border2022-12-22
OSV
thunderbird vulnerabilities2022-04-27
OSV
firefox vulnerabilities2022-04-07

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2022-04-27
Ubuntu
Firefox vulnerabilities2022-04-07
Red Hat
Mozilla: iframe contents could be rendered outside the border2022-04-05
Debian
CVE-2022-28286: firefox - Due to a layout change, iframe contents could have been rendered outside of its ...2022
Mozilla
Mozilla Foundation Security Advisory 2022-14: CVE-2022-28286
CVE-2022-28286 — UI Misrepresentation / Clickjacking | cvebase