PT-2022-3383 · Mozilla+10 · Thunderbird+11

Irvan Kurniawan

Published

2022-06-28

Updated

2024-12-12

CVE-2022-34479

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 102 Firefox ESR versions prior to 91.11 Thunderbird versions prior to 102 Thunderbird versions prior to 91.11

Description A malicious website could create a popup and resize it to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This issue is related to the incorrect handling of the resize event of a popup window. Exploitation of this issue may allow a remote attacker to conduct spoofing attacks using a specially crafted web page.

Recommendations For Firefox versions prior to 102, update to version 102 or later. For Firefox ESR versions prior to 91.11, update to version 91.11 or later. For Thunderbird versions prior to 102, update to version 102 or later. For Thunderbird versions prior to 91.11, update to version 91.11 or later. As a temporary workaround, consider disabling the ability to resize popup windows until a patch is available. Restrict access to potentially malicious websites to minimize the risk of exploitation.

Exploit

Fix

Integer Overflow

Buffer Overflow

Special Elements Injection

XSS

Clickjacking

Prototype Pollution

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-119CWE-74CWE-79CWE-393CWE-1021CWE-1321CWE-451

Related Identifiers

ALSA-2022:5482

ALT-PU-2022-2151

ALT-PU-2022-2153

ALT-PU-2022-2515

ALT-PU-2022-2929

ALT-PU-2022-2930

ALT-PU-2022-2931

ALT-PU-2023-1137

ALT-PU-2023-1138

ALT-PU-2023-1139

ALT-PU-2023-4335

ALT-PU-2023-4336

ALT-PU-2023-4339

BDU:2022-04029

BDU:2022-04062

BDU:2022-04063

BDU:2022-04065

BDU:2022-04153

BDU:2022-04154

BDU:2022-04243

CESA-2022_5469

CESA-2022_5470

CESA-2022_5479

CESA-2022_5480

CVE-2022-34479

DLA-3064-1

DSA-5172-1

DSA-5175-1

MGASA-2022-0251

MGASA-2022-0253

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2022_2313-1

OPENSUSE-SU-2022_2320-1

OPENSUSE-SU-2022_3281-1

OPENSUSE-SU-2022_3396-1

OPENSUSE-SU-2024:12161-1

OPENSUSE-SU-2024:12184-1

OPENSUSE-SU-2024:14572-1

RHSA-2022:5469

RHSA-2022:5470

RHSA-2022:5472

RHSA-2022:5473

RHSA-2022:5474

RHSA-2022:5475

RHSA-2022:5477

RHSA-2022:5478

RHSA-2022:5479

RHSA-2022:5480

RHSA-2022:5481

RHSA-2022:5482

RHSA-2022_5469

RHSA-2022_5470

RHSA-2022_5479

RHSA-2022_5480

RHSA-2022_5481

RHSA-2022_5482

RLSA-2022:5469

RLSA-2022:5470

SUSE-SU-2022:2279-1

SUSE-SU-2022:2289-1

SUSE-SU-2022:2313-1

SUSE-SU-2022:2320-1

SUSE-SU-2022:3272-1

SUSE-SU-2022:3273-1

SUSE-SU-2022:3281-1

SUSE-SU-2022:3396-1

USN-5504-1

USN-5512-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Firefox

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2022-3383 · Mozilla+10 · Thunderbird+11

CVE-2022-34479

Weakness Enumeration

Related Identifiers

Affected Products

References · 2314