CVE-2022-45418 — UI Misrepresentation / Clickjacking in Mozilla Firefox
Severity
6.1 MEDIUM (NVD)
OSV 8.1 / OSV 6.5
EPSS
0.2%
top 60.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 22
Latest update: Feb 6
Description
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7
Affected Packages: 9 packages
🔴 Vulnerability Details (5)
GHSA
GHSA-g2g2-6grg-2jm4: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential (2022-12-22)
OSV
CVE-2022-45418: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential (2022-12-22)
CVEList
CVE-2022-45418: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential (2022-12-22)
📋 Vendor Advisories (7)
Debian
CVE-2022-45418: firefox - If a custom mouse cursor is specified in CSS, under certain circumstances the cu... (2022)