PT-2022-1910 · Mozilla+10 · Firefox Esr+12

Irvan Kurniawan · Published 2022-03-08 · Updated 2024-12-12 · CVE-2022-26383

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 98
Firefox ESR versions prior to 91.7
Thunderbird versions prior to 91.7

Description

The issue is related to insufficient warning about dangerous actions when resizing a popup after requesting fullscreen access. This allows a remote attacker to perform a spoofing attack by not displaying the fullscreen notification. The vulnerability can be exploited remotely.

Recommendations

For Firefox versions prior to 98, update to version 98 or later.
For Firefox ESR versions prior to 91.7, update to version 91.7 or later.
For Thunderbird versions prior to 91.7, update to version 91.7 or later.

As a temporary workaround, consider disabling the fullscreen access feature until a patch is available. Restrict access to the popup window to minimize the risk of exploitation. Avoid using the popup window after requesting fullscreen access until the issue is resolved.

Exploit

Fix

Weakness Enumeration

UI Misrepresentation of Critical Information

Related Identifiers

ALSA-2022:0818
ALSA-2022:0845
ALT-PU-2022-1450
ALT-PU-2022-1474
ALT-PU-2022-1475
ALT-PU-2022-1482
ALT-PU-2022-1487
ALT-PU-2022-1502
ALT-PU-2022-1519
ALT-PU-2022-1781
ALT-PU-2022-2053
ALT-PU-2022-2458
ALT-PU-2022-2929
ALT-PU-2022-2930
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2022-01446
CESA-2022_0818
CESA-2022_0824
CESA-2022_0845
CESA-2022_0850
CVE-2022-26383
DLA-2942-1
DLA-2961-1
DSA-5097-1
DSA-5106-1
MGASA-2022-0093
MGASA-2022-0097
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2022:0821-1
OPENSUSE-SU-2022:0906-1
OPENSUSE-SU-2022_0821-1
OPENSUSE-SU-2022_0906-1
OPENSUSE-SU-2024:11908-1
OPENSUSE-SU-2024:11909-1
OPENSUSE-SU-2024:14572-1
RHSA-2022:0815
RHSA-2022:0816
RHSA-2022:0817
RHSA-2022:0818
RHSA-2022:0824
RHSA-2022:0843
RHSA-2022:0845
RHSA-2022:0847
RHSA-2022:0850
RHSA-2022:0853
RHSA-2022_0818
RHSA-2022_0824
RHSA-2022_0845
RHSA-2022_0850
RLSA-2022:0818
RLSA-2022:0845
SUSE-SU-2022:0819-1
SUSE-SU-2022:0821-1
SUSE-SU-2022:0822-1
SUSE-SU-2022:0906-1
SUSE-SU-2022:14906-1
SUSE-SU-2022_14906-1
USN-5321-1
USN-5321-2
USN-5321-3
USN-5345-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu