PT-2022-4926 · Mozilla+10 · Thunderbird+12

Irvan Kurniawan

·

Published

2022-07-26

·

Updated

2024-12-12

·

CVE-2022-36319

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 103 Firefox ESR versions prior to 102.1 Firefox ESR versions prior to 91.12 Thunderbird versions prior to 102.1 Thunderbird versions prior to 91.12
Description The issue is related to errors in representing information in the user interface, specifically when combining CSS properties for overflow and transform, which could cause the mouse cursor to interact with different coordinates than displayed. This could allow a remote attacker to disclose protected information.
Recommendations For Firefox versions prior to 103, update to version 103 or later. For Firefox ESR versions prior to 102.1, update to version 102.1 or later. For Firefox ESR versions prior to 91.12, update to version 91.12 or later. For Thunderbird versions prior to 102.1, update to version 102.1 or later. For Thunderbird versions prior to 91.12, update to version 91.12 or later.

Exploit

Fix

Clickjacking

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021CWE-451

Related Identifiers

ALSA-2022:5767
ALSA-2022:5774
ALSA-2022:5777
ALT-PU-2022-2306
ALT-PU-2022-2458
ALT-PU-2022-2515
ALT-PU-2022-2929
ALT-PU-2022-2930
ALT-PU-2022-2931
ALT-PU-2023-1137
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4335
ALT-PU-2023-4336
ALT-PU-2023-4339
ALT-PU-2023-5754
ALT-PU-2024-3614
BDU:2022-06107
CESA-2022_5773
CESA-2022_5774
CESA-2022_5776
CESA-2022_5777
CVE-2022-36319
DSA-5193-1
DSA-5195-1
MGASA-2022-0271
MGASA-2022-0300
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2022_2611-1
OPENSUSE-SU-2022_2748-1
OPENSUSE-SU-2022_3281-1
OPENSUSE-SU-2022_3396-1
OPENSUSE-SU-2024:12227-1
OPENSUSE-SU-2024:12228-1
OPENSUSE-SU-2024:14572-1
RHSA-2022:5765
RHSA-2022:5766
RHSA-2022:5767
RHSA-2022:5769
RHSA-2022:5770
RHSA-2022:5771
RHSA-2022:5772
RHSA-2022:5773
RHSA-2022:5774
RHSA-2022:5776
RHSA-2022:5777
RHSA-2022:5778
RHSA-2022_5767
RHSA-2022_5773
RHSA-2022_5774
RHSA-2022_5776
RHSA-2022_5777
RHSA-2022_5778
RLSA-2022:5774
RLSA-2022:5777
SUSE-SU-2022:2596-1
SUSE-SU-2022:2602-1
SUSE-SU-2022:2611-1
SUSE-SU-2022:2748-1
SUSE-SU-2022:3272-1
SUSE-SU-2022:3273-1
SUSE-SU-2022:3281-1
SUSE-SU-2022:3396-1
USN-5536-1
USN-5663-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu