Lucene search

K

MozillaCVELIST:CVE-2022-46877

HistoryDec 22, 2022 - 12:00 a.m.

CVE-2022-46877

2022-12-2200:00:00

mozilla

www.cve.org

1

notification delay

suppression

user confusion

spoofing attacks

firefox

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.6%

By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.

CNA Affected

[
  {
    "vendor": "Mozilla",
    "product": "Firefox",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "108",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.mozilla.org/show_bug.cgi?id=1795139

lists.debian.org/debian-lts-announce/2023/01/msg00015.html

lists.debian.org/debian-lts-announce/2023/02/msg00018.html

security.gentoo.org/glsa/202305-06

security.gentoo.org/glsa/202305-13

www.debian.org/security/2023/dsa-5322

www.debian.org/security/2023/dsa-5355

www.mozilla.org/security/advisories/mfsa2022-51/

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.6%

Related for CVELIST:CVE-2022-46877