PT-2022-1393 · Mozilla+3 · Thunderbird+5

Irvan Kurniawan · Published 2022-01-11 · Updated 2024-12-12 · CVE-2022-22746

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 96
Firefox ESR versions prior to 91.5
Thunderbird versions prior to 91.5

Description

A race condition could allow bypassing the fullscreen notification, potentially leading to a fullscreen window spoof being unnoticed. This issue is related to incorrect restriction of visualizable layers or UI frames due to a race condition when calling reportValidity. The exploitation of this issue may allow a remote attacker to bypass the fullscreen notification and conduct a spoofing attack.

Recommendations

For Firefox versions prior to 96, update to version 96 or later.
For Firefox ESR versions prior to 91.5, update to version 91.5 or later.
For Thunderbird versions prior to 91.5, update to version 91.5 or later.

Exploit

Fix

Clickjacking

Race Condition


Weakness Enumeration

Related Identifiers

ALT-PU-2022-1022
ALT-PU-2022-1023
ALT-PU-2022-1053
ALT-PU-2022-1078
ALT-PU-2022-1090
ALT-PU-2022-1091
ALT-PU-2022-1097
ALT-PU-2022-1781
ALT-PU-2022-1783
ALT-PU-2022-2930
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2022-00287
CVE-2022-22746
OPENSUSE-SU-2022:0136-1
OPENSUSE-SU-2022:0199-1
OPENSUSE-SU-2022_0136-1
OPENSUSE-SU-2022_0199-1
OPENSUSE-SU-2024:11732-1
OPENSUSE-SU-2024:11733-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2022:0115-1
SUSE-SU-2022:0136-1
SUSE-SU-2022:0137-1
SUSE-SU-2022:0199-1
SUSE-SU-2022:14880-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Red Os
Suse
Thunderbird