github - ghsa-pp7m-q233-vq86

ghsa-pp7m-q233-vq86

Vulnerability from github

Published

2022-12-22 21:30

Modified

2022-12-30 15:30

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user.
This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 97.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-22762"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. \u003cbr\u003e*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 97.",
  "id": "GHSA-pp7m-q233-vq86",
  "modified": "2022-12-30T15:30:23Z",
  "published": "2022-12-22T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22762"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1743931"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2022-22762

Vulnerability from cvelistv5

Published

2022-12-22 00:00

Modified

2024-08-03 03:21

Severity ?

Summary

Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97.

References

▼	URL	Tags
	https://www.mozilla.org/security/advisories/mfsa2022-04/
	https://bugzilla.mozilla.org/show_bug.cgi?id=1743931

Impacted products

▼	Vendor	Product
	Mozilla	Firefox

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:21:49.073Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1743931"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "97",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. \u003cbr\u003e*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 97."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "JavaScript Dialogs could have been displayed over other domains on Firefox for Android",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-22T00:00:00",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-04/"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1743931"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2022-22762",
    "datePublished": "2022-12-22T00:00:00",
    "dateReserved": "2022-01-07T00:00:00",
    "dateUpdated": "2024-08-03T03:21:49.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted