6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
47.6%
An attacker could have abused XSLT error handling to associate
attacker-controlled content with another origin which was displayed in the
address bar. This could have been used to fool the user into submitting
data intended for the spoofed origin. This vulnerability affects
Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR
< 102.2, and Firefox < 104.
Author | Note |
---|---|
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 104.0+build3-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 104.0+build3-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | thunderbird | < 1:102.2.2+build1-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | thunderbird | < 1:102.2.2+build1-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | thunderbird | < 1:102.2.2+build1-0ubuntu0.22.04.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2022-38472
nvd.nist.gov/vuln/detail/CVE-2022-38472
security-tracker.debian.org/tracker/CVE-2022-38472
ubuntu.com/security/notices/USN-5581-1
ubuntu.com/security/notices/USN-5663-1
www.cve.org/CVERecord?id=CVE-2022-38472
www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38472
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
47.6%