CVE-2022-34479 — User Interface (UI) Misrepresentation of Critical Information in Mozilla Firefox
Severity
6.5MEDIUMNVD
OSV8.8
EPSS
0.2%
top 59.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 22
Description
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages9 packages
🔴Vulnerability Details
5GHSA▶
GHSA-w63f-86wf-7jwc: A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential use↗2022-12-22
CVEList▶
CVE-2022-34479: A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential use↗2022-12-22
OSV▶
CVE-2022-34479: A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential use↗2022-12-22