CVE-2022-38473

Summary

CVE	CVE-2022-38473
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-12-22 20:15:00 UTC
Updated	2023-01-03 21:12:00 UTC
Description	A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

Risk And Classification

Problem Types: CWE-281

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	All	All	All	All
Application	Mozilla	Thunderbird	All	All	All	All

References

Reference	Source	Link	Tags
Security Vulnerabilities fixed in Firefox 104 — Mozilla	MISC	www.mozilla.org
Access Denied	MISC	bugzilla.mozilla.org
Security Vulnerabilities fixed in Firefox ESR 102.2 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Firefox ESR 91.13 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Thunderbird 102.2 — Mozilla	MISC	www.mozilla.org
Security Vulnerabilities fixed in Thunderbird 91.13 — Mozilla	MISC	www.mozilla.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160060 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-6169)
160062 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-6165)
160063 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-6175)
160065 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-6164)
160068 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-6174)
160070 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-6179)
180962 Debian Security Update for firefox-esr (DSA 5217-1)
180963 Debian Security Update for firefox-esr (DLA 3080-1)
180978 Debian Security Update for thunderbird (DSA 5221-1)
180994 Debian Security Update for thunderbird (DLA 3097-1)
183203 Debian Security Update for firefox-esrthunderbird (CVE-2022-38473)
198912 Ubuntu Security Notification for Firefox Vulnerabilities (USN-5581-1)
198977 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5663-1)
240618 Red Hat Update for firefox (RHSA-2022:6174)
240619 Red Hat Update for thunderbird (RHSA-2022:6165)
240620 Red Hat Update for thunderbird (RHSA-2022:6169)
240621 Red Hat Update for thunderbird (RHSA-2022:6164)
240622 Red Hat Update for firefox (RHSA-2022:6175)
240624 Red Hat Update for thunderbird (RHSA-2022:6168)
240628 Red Hat Update for thunderbird (RHSA-2022:6166)
240629 Red Hat Update for firefox (RHSA-2022:6176)
240631 Red Hat Update for firefox (RHSA-2022:6179)
240632 Red Hat Update for firefox (RHSA-2022:6177)
257190 CentOS Security Update for firefox (CESA-2022:6179)
257193 CentOS Security Update for thunderbird (CESA-2022:6169)
296084 Oracle Solaris 11.4 Support Repository Update (SRU) 50.126.3 Missing (CPUOCT2022)
354078 Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1855
356231 Amazon Linux Security Advisory for firefox : ALASFIREFOX-2023-012
376857 Mozilla Firefox Multiple Vulnerabilities (MFSA2022-33)
376858 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-35)
376859 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-34)
376860 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-37)
376861 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-36)
503449 Alpine Linux Security Update for firefox-esr
506057 Alpine Linux Security Update for firefox-esr
710610 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202208-37)
710612 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202208-38)
752536 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:2984-1)
752540 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3007-1)
752548 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3030-1)
752583 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3273-1)
752590 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3272-1)
752611 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:3396-1)
753189 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:3281-1)
940644 AlmaLinux Security Update for firefox (ALSA-2022:6175)
940645 AlmaLinux Security Update for thunderbird (ALSA-2022:6164)
940647 AlmaLinux Security Update for thunderbird (ALSA-2022:6165)
940648 AlmaLinux Security Update for firefox (ALSA-2022:6174)
960291 Rocky Linux Security Update for thunderbird (RLSA-2022:6164)
960360 Rocky Linux Security Update for firefox (RLSA-2022:6175)