CVE-2022-45408

Published on: Not Yet Published

Last Modified on: 01/04/2023 02:41:00 PM UTC

CVE-2022-45408

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Certain versions of Firefox from Mozilla contain the following vulnerability:

Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

CVE-2022-45408 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
Affected Vendor/Software: Mozilla - Firefox ESR version < 102.5
Affected Vendor/Software: Mozilla - Thunderbird version < 102.5
Affected Vendor/Software: Mozilla - Firefox version < 107

CVSS3 Score: 6.5 - MEDIUM

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	REQUIRED
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	NONE	HIGH	NONE

CVE References

Description	Tags ^ⓘ	Link
Security Vulnerabilities fixed in Thunderbird 102.5 — Mozilla	www.mozilla.org text/html	MISC www.mozilla.org/security/advisories/mfsa2022-49/
Security Vulnerabilities fixed in Firefox ESR 102.5 — Mozilla	www.mozilla.org text/html	MISC www.mozilla.org/security/advisories/mfsa2022-48/
Security Vulnerabilities fixed in Firefox 107 — Mozilla	www.mozilla.org text/html	MISC www.mozilla.org/security/advisories/mfsa2022-47/
Access Denied	bugzilla.mozilla.org text/html	MISC bugzilla.mozilla.org/show_bug.cgi?id=1793829

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

160260 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-8552)
160261 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-8555)
160319 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-8547)
160321 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-8554)
160325 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2022-8561)
160326 Oracle Enterprise Linux Security Update for firefox (ELSA-2022-8580)
181222 Debian Security Update for firefox-esr (DSA 5282-1)
181226 Debian Security Update for thunderbird (DLA 3196-1)
181234 Debian Security Update for firefox-esr (DLA 3199-1)
181235 Debian Security Update for thunderbird (DSA 5284-1)
199028 Ubuntu Security Notification for Firefox Vulnerabilities (USN-5726-1)
199147 Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5824-1)
240928 Red Hat Update for firefox (RHSA-2022:8554)
240929 Red Hat Update for thunderbird (RHSA-2022:8544)
240930 Red Hat Update for firefox (RHSA-2022:8552)
240931 Red Hat Update for firefox (RHSA-2022:8548)
240932 Red Hat Update for thunderbird (RHSA-2022:8545)
240933 Red Hat Update for firefox (RHSA-2022:8549)
240934 Red Hat Update for thunderbird (RHSA-2022:8555)
240935 Red Hat Update for thunderbird (RHSA-2022:8547)
240936 Red Hat Update for thunderbird (RHSA-2022:8561)
240938 Red Hat Update for firefox (RHSA-2022:8580)
241004 Red Hat Update for thunderbird (RHSA-2022:8980)
241013 Red Hat Update for firefox (RHSA-2022:8979)
257202 CentOS Security Update for firefox (CESA-2022:8552)
257207 CentOS Security Update for thunderbird (CESA-2022:8555)
377768 Mozilla Firefox Multiple Vulnerabilities (MFSA2022-47)
377769 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2022-49)
377770 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-48)
710686 Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202211-06)
710687 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202211-05)
752829 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:4058-1)
752832 SUSE Enterprise Linux Security Update for MozillaThunderbird (SUSE-SU-2022:4085-1)
752879 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:4247-1)
752924 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:4083-1)
940845 AlmaLinux Security Update for thunderbird (ALSA-2022:8547)
940846 AlmaLinux Security Update for firefox (ALSA-2022:8554)
940847 AlmaLinux Security Update for thunderbird (ALSA-2022:8561)
940848 AlmaLinux Security Update for firefox (ALSA-2022:8580)
960181 Rocky Linux Security Update for thunderbird (RLSA-2022:8547)
960507 Rocky Linux Security Update for firefox (RLSA-2022:8554)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Firefox Esr	All	All	All	All
Application	Mozilla	Thunderbird	All	All	All	All

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*:
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*:
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@RedPacketSec	Mozilla Firefox spoofing \| CVE-2022-45408 - redpacketsecurity.com/mozilla-firefo… #CVE #Vulnerability #OSINT #ThreatIntel #Cyber	2022-11-17 10:02:27
/r/k12cybersecurity	MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – PATCH: NOW	2022-11-16 13:47:07