Vulnerability-Lookup

CVE-2022-22741 (GCVE-0-2022-22741)

Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-16 15:48

Summary

When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

Browser window spoof using fullscreen mode

Assigner

mozilla

References

4 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://bugzilla.mozilla.org/show_bug.cgi?id=1740389

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox ESR	Affected: unspecified , < 91.5 (custom)
Mozilla	Firefox	Affected: unspecified , < 96 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 91.5 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:21:49.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-22741",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:29:58.987779Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T15:48:23.889Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "96",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "91.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Browser window spoof using fullscreen mode",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-22T00:00:00.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2022-22741",
    "datePublished": "2022-12-22T00:00:00.000Z",
    "dateReserved": "2022-01-07T00:00:00.000Z",
    "dateUpdated": "2025-04-16T15:48:23.889Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-22741",
      "date": "2026-05-21",
      "epss": "0.00463",
      "percentile": "0.64512"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"96.0\", \"matchCriteriaId\": \"473CF696-0664-4239-995D-D4700507DD1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"91.5\", \"matchCriteriaId\": \"A8FD4DD9-9B65-49B3-9FED-6FF5085489D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"91.5\", \"matchCriteriaId\": \"A1A101E0-2173-4299-8F05-F325DCDC804B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5.\"}, {\"lang\": \"es\", \"value\": \"Al cambiar el tama\\u00f1o de una ventana emergente mientras se solicita acceso a pantalla completa, la ventana emergente no podr\\u00eda salir del modo de pantalla completa. Esta vulnerabilidad afecta a Firefox ESR \u0026lt; 91.5, Firefox \u0026lt; 96 y Thunderbird \u0026lt; 91.5.\"}]",
      "id": "CVE-2022-22741",
      "lastModified": "2024-11-21T06:47:21.550",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-12-22T20:15:14.577",
      "references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1740389\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-01/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-02/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-03/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1740389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-01/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-02/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-03/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-22741\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2022-12-22T20:15:14.577\",\"lastModified\":\"2025-04-16T16:15:21.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5.\"},{\"lang\":\"es\",\"value\":\"Al cambiar el tama\u00f1o de una ventana emergente mientras se solicita acceso a pantalla completa, la ventana emergente no podr\u00eda salir del modo de pantalla completa. Esta vulnerabilidad afecta a Firefox ESR \u0026lt; 91.5, Firefox \u0026lt; 96 y Thunderbird \u0026lt; 91.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"96.0\",\"matchCriteriaId\":\"473CF696-0664-4239-995D-D4700507DD1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"91.5\",\"matchCriteriaId\":\"A8FD4DD9-9B65-49B3-9FED-6FF5085489D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"91.5\",\"matchCriteriaId\":\"A1A101E0-2173-4299-8F05-F325DCDC804B\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1740389\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-01/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-02/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-03/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1740389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-02/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-03/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-01/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-02/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-03/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1740389\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:21:49.128Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-22741\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:29:58.987779Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:30:43.470Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"91.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"96\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"91.5\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-01/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-02/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-03/\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1740389\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Browser window spoof using fullscreen mode\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2022-12-22T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-22741\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T15:48:23.889Z\", \"dateReserved\": \"2022-01-07T00:00:00.000Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2022-12-22T00:00:00.000Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-020

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox et Firefox ESR. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox ESR	Firefox ESR versions antérieures à 91.5
	Mozilla	Firefox ESR	Firefox, versions antérieures à 96

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2022-01 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2022-02 du 11 janvier 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 91.5",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox, versions ant\u00e9rieures \u00e0 96",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22742"
    },
    {
      "name": "CVE-2022-22740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22740"
    },
    {
      "name": "CVE-2022-22736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22736"
    },
    {
      "name": "CVE-2022-22751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22751"
    },
    {
      "name": "CVE-2022-22747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22747"
    },
    {
      "name": "CVE-2022-22738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22738"
    },
    {
      "name": "CVE-2022-22744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22744"
    },
    {
      "name": "CVE-2022-22752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22752"
    },
    {
      "name": "CVE-2021-4140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4140"
    },
    {
      "name": "CVE-2022-22750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22750"
    },
    {
      "name": "CVE-2022-22745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22745"
    },
    {
      "name": "CVE-2022-22748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22748"
    },
    {
      "name": "CVE-2022-22739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22739"
    },
    {
      "name": "CVE-2022-22746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22746"
    },
    {
      "name": "CVE-2022-22749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22749"
    },
    {
      "name": "CVE-2022-22743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22743"
    },
    {
      "name": "CVE-2022-22741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22741"
    },
    {
      "name": "CVE-2022-22737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22737"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox et\nFirefox ESR. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice\u00a0\u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox et Firefox ESR",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-01 du 11 janvier 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-02 du 11 janvier 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/"
    }
  ]
}

CERTFR-2022-AVI-021

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 91.5

References

Title

Publication Time

Tags

Bulletin de sécurité Thunderbird mfsa2022-03 du 11 janvier 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 91.5",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22742"
    },
    {
      "name": "CVE-2022-22740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22740"
    },
    {
      "name": "CVE-2022-22751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22751"
    },
    {
      "name": "CVE-2022-22747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22747"
    },
    {
      "name": "CVE-2022-22738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22738"
    },
    {
      "name": "CVE-2022-22744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22744"
    },
    {
      "name": "CVE-2021-4140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4140"
    },
    {
      "name": "CVE-2022-22745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22745"
    },
    {
      "name": "CVE-2022-22748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22748"
    },
    {
      "name": "CVE-2022-22739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22739"
    },
    {
      "name": "CVE-2022-22746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22746"
    },
    {
      "name": "CVE-2022-22743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22743"
    },
    {
      "name": "CVE-2022-22741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22741"
    },
    {
      "name": "CVE-2022-22737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22737"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-021",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": ""
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Thunderbird.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service\u00a0\u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Thunderbird mfsa2022-03 du 11 janvier 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/"
    }
  ]
}

CERTFR-2022-AVI-020

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox ESR	Firefox ESR versions antérieures à 91.5
	Mozilla	Firefox ESR	Firefox, versions antérieures à 96

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2022-01 du 11 janvier 2022	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2022-02 du 11 janvier 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Firefox ESR versions ant\u00e9rieures \u00e0 91.5",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Firefox, versions ant\u00e9rieures \u00e0 96",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22742"
    },
    {
      "name": "CVE-2022-22740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22740"
    },
    {
      "name": "CVE-2022-22736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22736"
    },
    {
      "name": "CVE-2022-22751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22751"
    },
    {
      "name": "CVE-2022-22747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22747"
    },
    {
      "name": "CVE-2022-22738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22738"
    },
    {
      "name": "CVE-2022-22744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22744"
    },
    {
      "name": "CVE-2022-22752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22752"
    },
    {
      "name": "CVE-2021-4140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4140"
    },
    {
      "name": "CVE-2022-22750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22750"
    },
    {
      "name": "CVE-2022-22745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22745"
    },
    {
      "name": "CVE-2022-22748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22748"
    },
    {
      "name": "CVE-2022-22739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22739"
    },
    {
      "name": "CVE-2022-22746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22746"
    },
    {
      "name": "CVE-2022-22749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22749"
    },
    {
      "name": "CVE-2022-22743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22743"
    },
    {
      "name": "CVE-2022-22741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22741"
    },
    {
      "name": "CVE-2022-22737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22737"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox et\nFirefox ESR. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice\u00a0\u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox et Firefox ESR",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-01 du 11 janvier 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-02 du 11 janvier 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/"
    }
  ]
}

CERTFR-2022-AVI-021

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 91.5

References

Title

Publication Time

Tags

Bulletin de sécurité Thunderbird mfsa2022-03 du 11 janvier 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 91.5",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22742"
    },
    {
      "name": "CVE-2022-22740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22740"
    },
    {
      "name": "CVE-2022-22751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22751"
    },
    {
      "name": "CVE-2022-22747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22747"
    },
    {
      "name": "CVE-2022-22738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22738"
    },
    {
      "name": "CVE-2022-22744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22744"
    },
    {
      "name": "CVE-2021-4140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4140"
    },
    {
      "name": "CVE-2022-22745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22745"
    },
    {
      "name": "CVE-2022-22748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22748"
    },
    {
      "name": "CVE-2022-22739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22739"
    },
    {
      "name": "CVE-2022-22746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22746"
    },
    {
      "name": "CVE-2022-22743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22743"
    },
    {
      "name": "CVE-2022-22741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22741"
    },
    {
      "name": "CVE-2022-22737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22737"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-021",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": ""
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Thunderbird.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service\u00a0\u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Thunderbird mfsa2022-03 du 11 janvier 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/"
    }
  ]
}

alsa-2022:0129

Vulnerability from osv_almalinux

Published

2022-01-12 11:29

Modified

2022-01-13 09:06

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.5.0.

Security Fix(es):

Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)
Mozilla: Race condition when playing audio files (CVE-2022-22737)
Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)
Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)
Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741)
Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)
Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22743)
Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)
Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)
Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)
Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)
Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://vulners.com/cve/CVE-2021-4140	REPORT
	https://vulners.com/cve/CVE-2022-22737	REPORT
	https://vulners.com/cve/CVE-2022-22738	REPORT
	https://vulners.com/cve/CVE-2022-22739	REPORT
	https://vulners.com/cve/CVE-2022-22740	REPORT
	https://vulners.com/cve/CVE-2022-22741	REPORT
	https://vulners.com/cve/CVE-2022-22742	REPORT
	https://vulners.com/cve/CVE-2022-22743	REPORT
	https://vulners.com/cve/CVE-2022-22745	REPORT
	https://vulners.com/cve/CVE-2022-22747	REPORT
	https://vulners.com/cve/CVE-2022-22748	REPORT
	https://vulners.com/cve/CVE-2022-22751	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "91.5.0-1.el8_5.alma.plus"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "91.5.0-1.el8_5.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)\n\n* Mozilla: Race condition when playing audio files (CVE-2022-22737)\n\n* Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)\n\n* Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741)\n\n* Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22743)\n\n* Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)\n\n* Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)\n\n* Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)\n\n* Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)\n\n* Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2022:0129",
  "modified": "2022-01-13T09:06:45Z",
  "published": "2022-01-12T11:29:46Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-4140"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22737"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22738"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22739"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22740"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22741"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22742"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22743"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22745"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22747"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22748"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22751"
    }
  ],
  "related": [
    "CVE-2021-4140",
    "CVE-2022-22737",
    "CVE-2022-22738",
    "CVE-2022-22740",
    "CVE-2022-22741",
    "CVE-2022-22742",
    "CVE-2022-22743",
    "CVE-2022-22751",
    "CVE-2022-22745",
    "CVE-2022-22748",
    "CVE-2022-22739",
    "CVE-2022-22747"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2022:0130

Vulnerability from osv_almalinux

Published

2022-01-12 11:30

Modified

2022-01-13 09:06

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.5.0 ESR.

Security Fix(es):

Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)
Mozilla: Race condition when playing audio files (CVE-2022-22737)
Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)
Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)
Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741)
Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)
Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22743)
Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)
Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)
Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)
Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)
Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://vulners.com/cve/CVE-2021-4140	REPORT
	https://vulners.com/cve/CVE-2022-22737	REPORT
	https://vulners.com/cve/CVE-2022-22738	REPORT
	https://vulners.com/cve/CVE-2022-22739	REPORT
	https://vulners.com/cve/CVE-2022-22740	REPORT
	https://vulners.com/cve/CVE-2022-22741	REPORT
	https://vulners.com/cve/CVE-2022-22742	REPORT
	https://vulners.com/cve/CVE-2022-22743	REPORT
	https://vulners.com/cve/CVE-2022-22745	REPORT
	https://vulners.com/cve/CVE-2022-22747	REPORT
	https://vulners.com/cve/CVE-2022-22748	REPORT
	https://vulners.com/cve/CVE-2022-22751	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "91.5.0-1.el8_5.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 91.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Iframe sandbox bypass with XSLT (CVE-2021-4140)\n\n* Mozilla: Race condition when playing audio files (CVE-2022-22737)\n\n* Mozilla: Heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)\n\n* Mozilla: Use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22741)\n\n* Mozilla: Out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-22743)\n\n* Mozilla: Memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)\n\n* Mozilla: Leaking cross-origin URLs through securitypolicyviolation event (CVE-2022-22745)\n\n* Mozilla: Spoofed origin on external protocol launch dialog (CVE-2022-22748)\n\n* Mozilla: Missing throttling on external protocol launch dialog (CVE-2022-22739)\n\n* Mozilla: Crash when handling empty pkcs7 sequence (CVE-2022-22747)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2022:0130",
  "modified": "2022-01-13T09:06:41Z",
  "published": "2022-01-12T11:30:14Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-4140"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22737"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22738"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22739"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22740"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22741"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22742"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22743"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22745"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22747"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22748"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2022-22751"
    }
  ],
  "related": [
    "CVE-2021-4140",
    "CVE-2022-22737",
    "CVE-2022-22738",
    "CVE-2022-22740",
    "CVE-2022-22741",
    "CVE-2022-22742",
    "CVE-2022-22743",
    "CVE-2022-22751",
    "CVE-2022-22745",
    "CVE-2022-22748",
    "CVE-2022-22739",
    "CVE-2022-22747"
  ],
  "summary": "Important: firefox security update"
}

BDU:2022-00290

Vulnerability from fstec - Published: 11.01.2022

Title

Уязвимость пользовательского интерфейса почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с неверным ограничением визуализируемых слоев или фреймов, позволяющая нарушителю использовать неверное ограничение визуализируемых слоев или фреймов пользовательского интерфейса

Description

Уязвимость пользовательского интерфейса почтового клиента Thunderbird, браузеров Firefox и Firefox ESR связана с неверным ограничением визуализируемых слоев или фреймов из-за ошибки изменения размера всплывающего окна при запросе полноэкранного доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, лишить браузер возможности выйти из полноэкранного режима и провести спуфинговую атаку

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vendor

Red Hat Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», Mozilla Corp., АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Red Hat Enterprise Linux, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Firefox, Firefox ESR, Thunderbird, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 8.2 Extended Update Support (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Extended Update Support (Red Hat Enterprise Linux), 7.3 (РЕД ОС), до 96 (Firefox), до 91.5 (Firefox ESR), до 91.5 (Thunderbird), - (Альт 8 СП), до 2.4.2 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для программных продуктов Mozilla Corp.: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/ Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для Debian: https://security-tracker.debian.org/tracker/CVE-2022-22741 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2022-22741 Для ОС Альт 8 СП: Обновление программного обеспечения до актуальной версии Для ОСОН Основа: Обновление программного обеспечения firefox-esr до версии 91.5.0esr+repack-1~deb10u1.osnova1 Для ОСОН Основа: Обновление программного обеспечения thunderbird до версии 1:91.5.0+repack-2~deb10u1.osnova1 Для ОС ОН «Стрелец»: Обновление программного обеспечения firefox-esr до версии 91.13.0esr+repack-1~deb10u1.osnova1.strelets Обновление программного обеспечения thunderbird до версии 1:91.13.0+repack-1~deb10u1.osnova1.strelets

Reference

http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://access.redhat.com/security/cve/CVE-2022-22741 https://altsp.su/obnovleniya-bezopasnosti/ https://security-tracker.debian.org/tracker/CVE-2022-22741 https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/ https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.2/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/

CWE

CWE-1021

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Mozilla Corp., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 8.2 Extended Update Support (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Extended Update Support (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 96 (Firefox), \u0434\u043e 91.5 (Firefox ESR), \u0434\u043e 91.5 (Thunderbird), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.4.2 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla Corp.:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-02/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-01/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-03/\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2022-22741\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2022-22741\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 91.5.0esr+repack-1~deb10u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:91.5.0+repack-2~deb10u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 91.13.0esr+repack-1~deb10u1.osnova1.strelets\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:91.13.0+repack-1~deb10u1.osnova1.strelets\n\n",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.01.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.04.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.01.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-00290",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-22741",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Firefox, Firefox ESR, Thunderbird, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Red Hat Inc. Red Hat Enterprise Linux 8.2 Extended Update Support , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.4 Extended Update Support , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox \u0438 Firefox ESR, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0441\u043b\u043e\u0435\u0432 \u0438\u043b\u0438 \u0444\u0440\u0435\u0439\u043c\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0441\u043b\u043e\u0435\u0432 \u0438\u043b\u0438 \u0444\u0440\u0435\u0439\u043c\u043e\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0441\u043b\u043e\u0435\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 (CWE-1021)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox \u0438 Firefox ESR \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0432\u0438\u0437\u0443\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0441\u043b\u043e\u0435\u0432 \u0438\u043b\u0438 \u0444\u0440\u0435\u0439\u043c\u043e\u0432 \u0438\u0437-\u0437\u0430 \u043e\u0448\u0438\u0431\u043a\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0441\u043f\u043b\u044b\u0432\u0430\u044e\u0449\u0435\u0433\u043e \u043e\u043a\u043d\u0430 \u043f\u0440\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u0435 \u043f\u043e\u043b\u043d\u043e\u044d\u043a\u0440\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043b\u0438\u0448\u0438\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u0439\u0442\u0438 \u0438\u0437 \u043f\u043e\u043b\u043d\u043e\u044d\u043a\u0440\u0430\u043d\u043d\u043e\u0433\u043e \u0440\u0435\u0436\u0438\u043c\u0430 \u0438 \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0441\u043f\u0443\u0444\u0438\u043d\u0433\u043e\u0432\u0443\u044e \u0430\u0442\u0430\u043a\u0443",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://access.redhat.com/security/cve/CVE-2022-22741\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://security-tracker.debian.org/tracker/CVE-2022-22741\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-01/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-02/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-03/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4.2/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-1021",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

FKIE_CVE-2022-22741

Vulnerability from fkie_nvd - Published: 2022-12-22 20:15 - Updated: 2025-04-16 16:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1740389	Issue Tracking
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2022-01/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2022-02/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2022-03/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1740389	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2022-01/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2022-02/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2022-03/	Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox_esr	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "473CF696-0664-4239-995D-D4700507DD1A",
              "versionEndExcluding": "96.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8FD4DD9-9B65-49B3-9FED-6FF5085489D2",
              "versionEndExcluding": "91.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A101E0-2173-4299-8F05-F325DCDC804B",
              "versionEndExcluding": "91.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5."
    },
    {
      "lang": "es",
      "value": "Al cambiar el tama\u00f1o de una ventana emergente mientras se solicita acceso a pantalla completa, la ventana emergente no podr\u00eda salir del modo de pantalla completa. Esta vulnerabilidad afecta a Firefox ESR \u0026lt; 91.5, Firefox \u0026lt; 96 y Thunderbird \u0026lt; 91.5."
    }
  ],
  "id": "CVE-2022-22741",
  "lastModified": "2025-04-16T16:15:21.887",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-22T20:15:14.577",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3799-J5GP-4X56

Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-16 18:31

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-22741"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5.",
  "id": "GHSA-3799-j5gp-4x56",
  "modified": "2025-04-16T18:31:36Z",
  "published": "2022-12-22T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22741"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-01"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-02"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-22741

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-22741

Aliases

CVE-2022-22741

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-22741",
    "description": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5.",
    "id": "GSD-2022-22741"
  },
  "gsd": {
    "affected": [
      {
        "package": {
          "ecosystem": "Mozilla",
          "name": "Firefox ESR"
        },
        "ranges": [
          {
            "events": [
              {
                "fixed": "91.5"
              },
              {
                "introduced": "0"
              }
            ],
            "type": "SEMVER"
          }
        ],
        "version": []
      },
      {
        "package": {
          "ecosystem": "Mozilla",
          "name": "Thunderbird"
        },
        "ranges": [
          {
            "events": [
              {
                "fixed": "91.5"
              },
              {
                "introduced": "0"
              }
            ],
            "type": "SEMVER"
          }
        ],
        "version": []
      },
      {
        "package": {
          "ecosystem": "Mozilla",
          "name": "Firefox"
        },
        "ranges": [
          {
            "events": [
              {
                "fixed": "96"
              },
              {
                "introduced": "0"
              }
            ],
            "type": "SEMVER"
          }
        ],
        "version": []
      }
    ],
    "alias": [
      "CVE-2022-22741"
    ],
    "database_specific": {
      "GSD": {
        "alias": "CVE-2022-22741",
        "id": "GSD-2022-22741",
        "references": [
          "https://www.suse.com/security/cve/CVE-2022-22741.html",
          "https://www.debian.org/security/2022/dsa-5045",
          "https://www.debian.org/security/2022/dsa-5044",
          "https://access.redhat.com/errata/RHSA-2022:0132",
          "https://access.redhat.com/errata/RHSA-2022:0131",
          "https://access.redhat.com/errata/RHSA-2022:0130",
          "https://access.redhat.com/errata/RHSA-2022:0129",
          "https://access.redhat.com/errata/RHSA-2022:0128",
          "https://access.redhat.com/errata/RHSA-2022:0127",
          "https://access.redhat.com/errata/RHSA-2022:0126",
          "https://access.redhat.com/errata/RHSA-2022:0125",
          "https://access.redhat.com/errata/RHSA-2022:0124",
          "https://access.redhat.com/errata/RHSA-2022:0123",
          "https://ubuntu.com/security/CVE-2022-22741",
          "https://advisories.mageia.org/CVE-2022-22741.html",
          "https://linux.oracle.com/cve/CVE-2022-22741.html"
        ]
      }
    },
    "details": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Thunderbird \u003c 91.5, and Firefox \u003c 96.",
    "id": "GSD-2022-22741",
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "modified": "2022-09-27T16:35:17.892849Z",
    "osvSchema": {
      "aliases": [
        "CVE-2022-22741"
      ],
      "details": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5.",
      "id": "GSD-2022-22741",
      "modified": "2023-12-13T01:19:29.847170Z",
      "schema_version": "1.4.0"
    },
    "references": [
      {
        "type": "ADVISORY",
        "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/"
      },
      {
        "type": "ADVISORY",
        "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/"
      },
      {
        "type": "ADVISORY",
        "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/"
      },
      {
        "type": "ADVISORY",
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389"
      },
      {
        "type": "ADVISORY",
        "url": "https://www.suse.com/security/cve/CVE-2022-22741.html"
      },
      {
        "type": "ADVISORY",
        "url": "https://www.debian.org/security/2022/dsa-5045"
      },
      {
        "type": "ADVISORY",
        "url": "https://www.debian.org/security/2022/dsa-5044"
      },
      {
        "type": "ADVISORY",
        "url": "https://access.redhat.com/errata/RHSA-2022:0132"
      },
      {
        "type": "ADVISORY",
        "url": "https://access.redhat.com/errata/RHSA-2022:0131"
      },
      {
        "type": "ADVISORY",
        "url": "https://access.redhat.com/errata/RHSA-2022:0130"
      },
      {
        "type": "ADVISORY",
        "url": "https://access.redhat.com/errata/RHSA-2022:0129"
      },
      {
        "type": "ADVISORY",
        "url": "https://access.redhat.com/errata/RHSA-2022:0128"
      },
      {
        "type": "ADVISORY",
        "url": "https://access.redhat.com/errata/RHSA-2022:0127"
      },
      {
        "type": "ADVISORY",
        "url": "https://access.redhat.com/errata/RHSA-2022:0126"
      },
      {
        "type": "ADVISORY",
        "url": "https://access.redhat.com/errata/RHSA-2022:0125"
      },
      {
        "type": "ADVISORY",
        "url": "https://access.redhat.com/errata/RHSA-2022:0124"
      },
      {
        "type": "ADVISORY",
        "url": "https://access.redhat.com/errata/RHSA-2022:0123"
      },
      {
        "type": "ADVISORY",
        "url": "https://ubuntu.com/security/CVE-2022-22741"
      },
      {
        "type": "ADVISORY",
        "url": "https://advisories.mageia.org/CVE-2022-22741.html"
      },
      {
        "type": "ADVISORY",
        "url": "https://linux.oracle.com/cve/CVE-2022-22741.html"
      }
    ],
    "schema_version": "1.3.0",
    "summary": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Thunderbird \u003c 91.5, and Firefox \u003c 96."
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2022-22741",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "91.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "96"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "91.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Browser window spoof using fullscreen mode"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/"
          },
          {
            "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/",
            "refsource": "MISC",
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389"
          }
        ]
      }
    },
    "mozilla.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@mozilla.org",
        "ID": "CVE-2022-22741"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Firefox ESR",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "91.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Thunderbird",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "91.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Firefox",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "96"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Mozilla"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Thunderbird \u003c 91.5, and Firefox \u003c 96."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Browser window spoof using fullscreen mode"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/"
          },
          {
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/"
          },
          {
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "96.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "91.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "91.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mozilla.org",
          "ID": "CVE-2022-22741"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR \u003c 91.5, Firefox \u003c 96, and Thunderbird \u003c 91.5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2022-02/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2022-01/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1740389"
            },
            {
              "name": "https://www.mozilla.org/security/advisories/mfsa2022-03/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-12-29T20:18Z",
      "publishedDate": "2022-12-22T20:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-22741 (GCVE-0-2022-22741)

Solution

Solution

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature