CVE-2022-36319: UI Misrepresentation / Clickjacking in Mozilla Firefox

Severity
7.5 HIGH (NVD)
8.8 (OSV)
EPSS: 0.1% (top 64.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 22

Description

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (8 packages)

CVEListV5 | mozilla/firefox | unspecified | 103
NVD | mozilla/firefox | < 103.0
CVEListV5 | mozilla/firefox_esr | unspecified | 102.1 | +1
NVD | mozilla/firefox_esr | < 102.1 | +1
CVEListV5 | mozilla/thunderbird | unspecified | 102.1 | +1

🔴 Vulnerability Details (4)

OSV
CVE-2022-36319: When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed (2022-12-22)
CVEList
CVE-2022-36319: When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed (2022-12-22)
GHSA
GHSA-4jxg-7cv4-3gcc: When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed (2022-12-22)
OSV
thunderbird vulnerabilities (2022-10-07)

📋 Vendor Advisories (9)

Ubuntu
Thunderbird vulnerabilities (2022-10-07)
Ubuntu
Firefox vulnerabilities (2022-07-28)
Red Hat
Mozilla: Mouse Position spoofing with CSS transforms (2022-07-26)
Debian
CVE-2022-36319: firefox - When combining CSS properties for overflow and transform, the mouse cursor could... (2022)
Mozilla
Mozilla Foundation Security Advisory 2022-30: CVE-2022-36319