CVE-2022-29914 - OpenCVE

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox Esr Firefox Thunderbird

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1746448	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-16/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-17/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-18/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2022-12-22T00:00:00

Updated: 2022-12-22T00:00:00

Reserved: 2022-04-29T00:00:00

Link: CVE-2022-29914

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-12-22T20:15:26.397

Modified: 2023-01-04T02:15:34.937

Link: CVE-2022-29914

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "90899DEB-2CF7-4711-9623-761107B34599", "versionEndExcluding": "100.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "395AD0CF-F295-41B7-8C4A-86A9F352E5C8", "versionEndExcluding": "91.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "C744FA6B-992E-48FC-955D-DDB61185C4A9", "versionEndExcluding": "91.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100."}, {"lang": "es", "value": "Al reutilizar ventanas emergentes existentes, Firefox les habr\u00eda permitido cubrir la interfaz de usuario de notificaci\u00f3n en pantalla completa, lo que podr\u00eda haber permitido ataques de suplantaci\u00f3n de identidad del navegador. Esta vulnerabilidad afecta a Thunderbird < 91.9, Firefox ESR < 91.9 y Firefox < 100."}], "id": "CVE-2022-29914", "lastModified": "2023-01-04T02:15:34.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-22T20:15:26.397", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1746448"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-16/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-17/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2022-18/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}