CVE-2022-34479

Опубликовано: 22 дек. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks.
This bug only affects Thunderbird for Linux. Other operating systems are unaffected.. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Ссылки

https://bugzilla.mozilla.org/show_bug.cgi?id=1745595
Issue Tracking
Permissions Required
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-24/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-25/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-26/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1745595
Issue Tracking
Permissions Required
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-24/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-25/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-26/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1745595
Issue Tracking
Permissions Required
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Версия до 102.0 (исключая)

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

Версия до 91.11 (исключая)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Версия до 91.11 (исключая)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00113

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-451

Связанные уязвимости

CVE-2022-34479

CVSS3: 6.5

ubuntu

больше 2 лет назад

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

CVE-2022-34479

CVSS3: 7.5

redhat

почти 3 года назад

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

CVE-2022-34479

CVSS3: 6.5

debian

больше 2 лет назад

A malicious website that could create a popup could have resized the p ...

GHSA-w63f-86wf-7jwc

CVSS3: 6.5

github

больше 2 лет назад

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

BDU:2022-04154

CVSS3: 8.2

fstec

почти 3 года назад

Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с неправильной обработкой события изменения размера всплывающего окна, позволяющая нарушителю проводить спуфинг атаки

EPSS

Процентиль: 31%

0.00113

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-451