PT-2022-4679 · Mozilla+10 · Thunderbird+12

Armin Ebert

·

Published

2022-08-23

·

Updated

2024-12-12

·

CVE-2022-38472

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 102.2 Thunderbird versions prior to 91.13 Firefox ESR versions prior to 91.13 Firefox ESR versions prior to 102.2 Firefox versions prior to 104
Description An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin.
Recommendations For Thunderbird versions prior to 102.2, update to version 102.2 or later. For Thunderbird versions prior to 91.13, update to version 91.13 or later. For Firefox ESR versions prior to 91.13, update to version 91.13 or later. For Firefox ESR versions prior to 102.2, update to version 102.2 or later. For Firefox versions prior to 104, update to version 104 or later.

Exploit

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-356CWE-346

Related Identifiers

ALSA-2022:6164
ALSA-2022:6165
ALSA-2022:6174
ALSA-2022:6175
ALT-PU-2022-2481
ALT-PU-2022-2496
ALT-PU-2022-2515
ALT-PU-2022-2929
ALT-PU-2022-2930
ALT-PU-2022-2931
ALT-PU-2023-1137
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4335
ALT-PU-2023-4336
ALT-PU-2023-4339
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2022-05566
CESA-2022_6164
CESA-2022_6169
CESA-2022_6175
CESA-2022_6179
CVE-2022-38472
DLA-3080-1
DLA-3097-1
DSA-5217-1
DSA-5221-1
MGASA-2022-0309
MGASA-2022-0315
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2022_3030-1
OPENSUSE-SU-2022_3281-1
OPENSUSE-SU-2022_3396-1
OPENSUSE-SU-2024:12286-1
OPENSUSE-SU-2024:12287-1
OPENSUSE-SU-2024:14572-1
RHSA-2022:6164
RHSA-2022:6165
RHSA-2022:6166
RHSA-2022:6167
RHSA-2022:6168
RHSA-2022:6169
RHSA-2022:6174
RHSA-2022:6175
RHSA-2022:6176
RHSA-2022:6177
RHSA-2022:6178
RHSA-2022:6179
RHSA-2022_6164
RHSA-2022_6165
RHSA-2022_6169
RHSA-2022_6174
RHSA-2022_6175
RHSA-2022_6179
RLSA-2022:6164
RLSA-2022:6175
SUSE-SU-2022:2984-1
SUSE-SU-2022:3007-1
SUSE-SU-2022:3030-1
SUSE-SU-2022:3272-1
SUSE-SU-2022:3273-1
SUSE-SU-2022:3281-1
SUSE-SU-2022:3396-1
SUSE-SU-2022_2984-1
SUSE-SU-2022_3007-1
SUSE-SU-2022_3030-1
USN-5581-1
USN-5663-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu