GSD-2022-45404
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-45404",
"description": "Through a series of popup and \u003ccode\u003ewindow.print()\u003c/code\u003e calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107.",
"id": "GSD-2022-45404",
"references": [
"https://www.debian.org/security/2022/dsa-5282",
"https://www.debian.org/security/2022/dsa-5284",
"https://advisories.mageia.org/CVE-2022-45404.html",
"https://access.redhat.com/errata/RHSA-2022:8543",
"https://access.redhat.com/errata/RHSA-2022:8544",
"https://access.redhat.com/errata/RHSA-2022:8545",
"https://access.redhat.com/errata/RHSA-2022:8547",
"https://access.redhat.com/errata/RHSA-2022:8548",
"https://access.redhat.com/errata/RHSA-2022:8549",
"https://access.redhat.com/errata/RHSA-2022:8550",
"https://access.redhat.com/errata/RHSA-2022:8552",
"https://access.redhat.com/errata/RHSA-2022:8553",
"https://access.redhat.com/errata/RHSA-2022:8554",
"https://access.redhat.com/errata/RHSA-2022:8555",
"https://access.redhat.com/errata/RHSA-2022:8556",
"https://access.redhat.com/errata/RHSA-2022:8561",
"https://access.redhat.com/errata/RHSA-2022:8580",
"https://access.redhat.com/errata/RHSA-2022:8979",
"https://access.redhat.com/errata/RHSA-2022:8980",
"https://www.suse.com/security/cve/CVE-2022-45404.html",
"https://ubuntu.com/security/CVE-2022-45404"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-45404"
],
"details": "Through a series of popup and \u003ccode\u003ewindow.print()\u003c/code\u003e calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107.",
"id": "GSD-2022-45404",
"modified": "2023-12-13T01:19:24.906136Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2022-45404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "102.5"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "102.5"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "107"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Through a series of popup and \u003ccode\u003ewindow.print()\u003c/code\u003e calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fullscreen notification bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-47/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-49/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-49/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-48/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-48/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790815",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790815"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "107.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "102.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "102.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2022-45404"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Through a series of popup and \u003ccode\u003ewindow.print()\u003c/code\u003e calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-49/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-49/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-48/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-48/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-47/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790815",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790815"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-01-04T16:07Z",
"publishedDate": "2022-12-22T20:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…