CVE-2022-29914: UI Misrepresentation / Clickjacking in Mozilla Firefox

Severity
6.5 MEDIUM (NVD)
4.3 (OSV)
EPSS
0.2%
top 52.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 22

Description

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (8 packages)

CVEListV5 | mozilla/firefox | unspecified | 100
NVD | mozilla/firefox | < 100.0
CVEListV5 | mozilla/firefox_esr | unspecified | 91.9
CVEListV5 | mozilla/thunderbird | unspecified | 91.9

🔴 Vulnerability Details (4)

OSV
CVE-2022-29914: When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attack (2022-12-22)
CVEList
CVE-2022-29914: When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attack (2022-12-22)
GHSA
GHSA-wmwv-wgqw-75xr: When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attack (2022-12-22)
OSV
thunderbird vulnerabilities (2022-05-25)

📋 Vendor Advisories (7)

Ubuntu
Thunderbird vulnerabilities (2022-05-25)
Ubuntu
Firefox vulnerabilities (2022-05-11)
Red Hat
Mozilla: Fullscreen notification bypass using popups (2022-05-03)
Debian
CVE-2022-29914: firefox - When reusing existing popups Firefox would have allowed them to cover the fullsc... 2022
Mozilla
Mozilla Foundation Security Advisory 2022-17: CVE-2022-29914

💬 Community (1)

Bugzilla
Block the fullscreen notification on Android using download popups (2022-08-07)