Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-45418 (GCVE-0-2022-45418)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 14:46
VLAI?
EPSS
Summary
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Severity ?
6.1 (Medium)
CWE
- Custom mouse cursor could have been drawn over browser UI
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 102.5
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-49/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-48/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45418",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T14:46:53.567993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:46:57.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "107",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Custom mouse cursor could have been drawn over browser UI",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-49/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-48/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-45418",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:46:57.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2022-45418
Vulnerability from fkie_nvd - Published: 2022-12-22 20:15 - Updated: 2025-04-15 15:16
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox_esr | * | |
| mozilla | thunderbird | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "127E4452-84FE-49E3-A2EF-9C40C43A1FA6",
"versionEndExcluding": "107.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9380F7-F01F-4EA7-80D0-FD50AD5B292A",
"versionEndExcluding": "102.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25B4CDCF-8F95-4022-8B9F-82675E9E39B5",
"versionEndExcluding": "102.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107."
},
{
"lang": "es",
"value": "Si se especifica un cursor de mouse personalizado en CSS, bajo ciertas circunstancias el cursor podr\u00eda haberse dibujado sobre la interfaz de usuario del navegador, lo que podr\u00eda generar confusi\u00f3n en el usuario o ataques de suplantaci\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox ESR \u0026lt; 102,5, Thunderbird \u0026lt; 102.5 y Firefox \u0026lt; 107."
}
],
"id": "CVE-2022-45418",
"lastModified": "2025-04-15T15:16:02.853",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-22T20:15:44.780",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-48/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-49/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-48/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-49/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2022-45418
Vulnerability from osv_almalinux
Published
2022-11-21 00:00
Modified
2022-11-21 21:14
Summary
Important: firefox security update
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.5.0 ESR.
Security Fix(es):
- Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)
- Mozilla: Fullscreen notification bypass (CVE-2022-45404)
- Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)
- Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)
- Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)
- Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)
- Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)
- Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)
- Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)
- Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)
- Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)
- Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)
- Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "firefox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "102.5.0-1.el8_7.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)\n* Mozilla: Fullscreen notification bypass (CVE-2022-45404)\n* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)\n* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)\n* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)\n* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)\n* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)\n* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)\n* Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)\n* Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)\n* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)\n* Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)\n* Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:8554",
"modified": "2022-11-21T21:14:16Z",
"published": "2022-11-21T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:8554"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45403"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45404"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45405"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45406"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45408"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45409"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45410"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45411"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45412"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45416"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45418"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45420"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45421"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143197"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143198"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143199"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143200"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143201"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143202"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143203"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143204"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143205"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143240"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143241"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143242"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143243"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-8554.html"
}
],
"related": [
"CVE-2022-45403",
"CVE-2022-45404",
"CVE-2022-45405",
"CVE-2022-45406",
"CVE-2022-45408",
"CVE-2022-45409",
"CVE-2022-45421",
"CVE-2022-45410",
"CVE-2022-45411",
"CVE-2022-45412",
"CVE-2022-45416",
"CVE-2022-45418",
"CVE-2022-45420"
],
"summary": "Important: firefox security update"
}
CVE-2022-45418
Vulnerability from osv_almalinux
Published
2022-11-21 00:00
Modified
2022-11-21 19:01
Summary
Important: thunderbird security update
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.5.0.
Security Fix(es):
- Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)
- Mozilla: Fullscreen notification bypass (CVE-2022-45404)
- Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)
- Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)
- Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)
- Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)
- Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)
- Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)
- Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)
- Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)
- Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)
- Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)
- Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "thunderbird"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "102.5.0-2.el8_7.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)\n* Mozilla: Fullscreen notification bypass (CVE-2022-45404)\n* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)\n* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)\n* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)\n* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)\n* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)\n* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)\n* Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)\n* Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)\n* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)\n* Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)\n* Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:8547",
"modified": "2022-11-21T19:01:55Z",
"published": "2022-11-21T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:8547"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45403"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45404"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45405"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45406"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45408"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45409"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45410"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45411"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45412"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45416"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45418"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45420"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45421"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143197"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143198"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143199"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143200"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143201"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143202"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143203"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143204"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143205"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143240"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143241"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143242"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143243"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-8547.html"
}
],
"related": [
"CVE-2022-45403",
"CVE-2022-45404",
"CVE-2022-45405",
"CVE-2022-45406",
"CVE-2022-45408",
"CVE-2022-45409",
"CVE-2022-45421",
"CVE-2022-45410",
"CVE-2022-45411",
"CVE-2022-45412",
"CVE-2022-45416",
"CVE-2022-45418",
"CVE-2022-45420"
],
"summary": "Important: thunderbird security update"
}
CVE-2022-45418
Vulnerability from osv_almalinux
Published
2022-11-21 00:00
Modified
2022-11-21 21:22
Summary
Important: thunderbird security update
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.5.0.
Security Fix(es):
- Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)
- Mozilla: Fullscreen notification bypass (CVE-2022-45404)
- Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)
- Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)
- Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)
- Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)
- Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)
- Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)
- Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)
- Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)
- Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)
- Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)
- Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "thunderbird"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "102.5.0-2.el9_1.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.5.0.\n\nSecurity Fix(es):\n\n* Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)\n* Mozilla: Fullscreen notification bypass (CVE-2022-45404)\n* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)\n* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)\n* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)\n* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)\n* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)\n* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)\n* Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)\n* Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)\n* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)\n* Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)\n* Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:8561",
"modified": "2022-11-21T21:22:05Z",
"published": "2022-11-21T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:8561"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45403"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45404"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45405"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45406"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45408"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45409"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45410"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45411"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45412"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45416"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45418"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45420"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45421"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143197"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143198"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143199"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143200"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143201"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143202"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143203"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143204"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143205"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143240"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143241"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143242"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143243"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-8561.html"
}
],
"related": [
"CVE-2022-45403",
"CVE-2022-45404",
"CVE-2022-45405",
"CVE-2022-45406",
"CVE-2022-45408",
"CVE-2022-45409",
"CVE-2022-45421",
"CVE-2022-45410",
"CVE-2022-45411",
"CVE-2022-45412",
"CVE-2022-45416",
"CVE-2022-45418",
"CVE-2022-45420"
],
"summary": "Important: thunderbird security update"
}
CVE-2022-45418
Vulnerability from osv_almalinux
Published
2022-11-22 00:00
Modified
2022-11-22 23:10
Summary
Important: firefox security update
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.5.0 ESR.
Security Fix(es):
- Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)
- Mozilla: Fullscreen notification bypass (CVE-2022-45404)
- Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)
- Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)
- Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)
- Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)
- Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)
- Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)
- Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)
- Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)
- Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)
- Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)
- Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "firefox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "102.5.0-1.el9_1.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.5.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)\n* Mozilla: Fullscreen notification bypass (CVE-2022-45404)\n* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)\n* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)\n* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)\n* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)\n* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)\n* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)\n* Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)\n* Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)\n* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)\n* Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)\n* Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:8580",
"modified": "2022-11-22T23:10:10Z",
"published": "2022-11-22T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:8580"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45403"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45404"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45405"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45406"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45408"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45409"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45410"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45411"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45412"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45416"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45418"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45420"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-45421"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143197"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143198"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143199"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143200"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143201"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143202"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143203"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143204"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143205"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143240"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143241"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143242"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2143243"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-8580.html"
}
],
"related": [
"CVE-2022-45403",
"CVE-2022-45404",
"CVE-2022-45405",
"CVE-2022-45406",
"CVE-2022-45408",
"CVE-2022-45409",
"CVE-2022-45421",
"CVE-2022-45410",
"CVE-2022-45411",
"CVE-2022-45412",
"CVE-2022-45416",
"CVE-2022-45418",
"CVE-2022-45420"
],
"summary": "Important: firefox security update"
}
GHSA-G2G2-6GRG-2JM4
Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 15:30
VLAI?
Details
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Severity ?
6.1 (Medium)
{
"affected": [],
"aliases": [
"CVE-2022-45418"
],
"database_specific": {
"cwe_ids": [
"CWE-1021"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T20:15:00Z",
"severity": "MODERATE"
},
"details": "If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107.",
"id": "GHSA-g2g2-6grg-2jm4",
"modified": "2025-04-15T15:30:36Z",
"published": "2022-12-22T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45418"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-47"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-48"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-49"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
CNVD-2023-15816
Vulnerability from cnvd - Published: 2023-03-09
VLAI Severity ?
Title
Mozilla Firefox存在未明漏洞(CNVD-2023-15816)
Description
Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。
Mozila Firefox存在安全漏洞,攻击者可利用该漏洞导致潜在的用户混淆或欺骗攻击。
Severity
中
Patch Name
Mozilla Firefox存在未明漏洞(CNVD-2023-15816)的补丁
Patch Description
Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。
Mozila Firefox存在安全漏洞,攻击者可利用该漏洞导致潜在的用户混淆或欺骗攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/
Reference
https://vigilance.fr/vulnerability/Mozilla-Firefox-Thunderbird-multiple-vulnerabilities-39914
Impacted products
| Name | ['Mozilla Firefox <107', 'Mozilla Firefox ESR <102.5', 'Mozilla Thunderbird <102.5'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-45418",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-45418"
}
},
"description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozila Firefox\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6f5c\u5728\u7684\u7528\u6237\u6df7\u6dc6\u6216\u6b3a\u9a97\u653b\u51fb\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-47/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-15816",
"openTime": "2023-03-09",
"patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozila Firefox\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6f5c\u5728\u7684\u7528\u6237\u6df7\u6dc6\u6216\u6b3a\u9a97\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Firefox\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2023-15816\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Mozilla Firefox \u003c107",
"Mozilla Firefox ESR \u003c102.5",
"Mozilla Thunderbird \u003c102.5"
]
},
"referenceLink": "https://vigilance.fr/vulnerability/Mozilla-Firefox-Thunderbird-multiple-vulnerabilities-39914",
"serverity": "\u4e2d",
"submitTime": "2022-11-21",
"title": "Mozilla Firefox\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2023-15816\uff09"
}
CVE-2022-45418
Vulnerability from fstec - Published: 15.11.2022
VLAI Severity ?
Title
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю проводить спуфинг-атаки
Description
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird связана с ошибками представления информации пользовательским интерфейсом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить спуфинг-атаки
Severity ?
Vendor
Red Hat Inc., ООО «РусБИТех-Астра», Novell Inc., Сообщество свободного программного обеспечения, АО «ИВК», Mozilla Corp., АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), SUSE Linux Enterprise Server for SAP Applications, Debian GNU/Linux, Suse Linux Enterprise Server, OpenSUSE Leap, Suse Linux Enterprise Desktop, Альт 8 СП (запись в едином реестре российских программ №4305), Thunderbird, Firefox ESR, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Firefox
Software Version
7 (Red Hat Enterprise Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 15 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 10 (Debian GNU/Linux), 15-LTSS (Suse Linux Enterprise Server), 8.2 Extended Update Support (Red Hat Enterprise Linux), 15 SP1-BCL (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Extended Update Support (Red Hat Enterprise Linux), 1.7 (Astra Linux Special Edition), 15.4 (OpenSUSE Leap), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), - (Альт 8 СП), 15 SP4 (Suse Linux Enterprise Server), 15 SP4 (Suse Linux Enterprise Desktop), 15 SP2-BCL (Suse Linux Enterprise Server), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 9 (Red Hat Enterprise Linux), 15 SP2-LTSS (Suse Linux Enterprise Server), 4.7 (Astra Linux Special Edition), до 102.5 (Thunderbird), до 102.5 (Firefox ESR), 8.2 Telecommunications Update Service (Red Hat Enterprise Linux), 8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Extended Update Support (Red Hat Enterprise Linux), до 2.7 (ОСОН ОСнова Оnyx), до 107 (Firefox)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Mozilla Corp.:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45418
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45418
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45418
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2022-45418
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2022-45418
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2022-45418.html
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16
Для ОС Astra Linux Special Edition 1.7:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD
Для ОСОН ОСнова Оnyx (версия 2.7):
Обновление программного обеспечения thunderbird до версии 1:102.6.0+repack-1~deb10u1.osnova1
Обновление программного обеспечения firefox-esr до версии 102.7.0esr+repack-1~deb10u1.osnova1
Для ОС Astra Linux Special Edition 4.7 для архитектуры ARM:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для Astra Linux 1.6 «Смоленск»:
- обновить пакет thunderbird до 1:115.5.0+build1-0ubuntu1+ci202311280951+astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
- обновить пакет firefox до 107.0+build2-0ubuntu0.18.04.1+ci202211242243+astra11 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
Reference
https://www.cybersecurity-help.cz/vdb/SB2022112208
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45418
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45418
https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45418
https://security-tracker.debian.org/tracker/CVE-2022-45418
https://access.redhat.com/security/cve/cve-2022-45418
https://www.suse.com/security/cve/CVE-2022-45418.html
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
CWE
CWE-451
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Mozilla Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 15 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 10 (Debian GNU/Linux), 15-LTSS (Suse Linux Enterprise Server), 8.2 Extended Update Support (Red Hat Enterprise Linux), 15 SP1-BCL (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 15.3 (OpenSUSE Leap), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Extended Update Support (Red Hat Enterprise Linux), 1.7 (Astra Linux Special Edition), 15.4 (OpenSUSE Leap), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 15 SP4 (Suse Linux Enterprise Server), 15 SP4 (Suse Linux Enterprise Desktop), 15 SP2-BCL (Suse Linux Enterprise Server), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 9 (Red Hat Enterprise Linux), 15 SP2-LTSS (Suse Linux Enterprise Server), 4.7 (Astra Linux Special Edition), \u0434\u043e 102.5 (Thunderbird), \u0434\u043e 102.5 (Firefox ESR), 8.2 Telecommunications Update Service (Red Hat Enterprise Linux), 8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Extended Update Support (Red Hat Enterprise Linux), \u0434\u043e 2.7 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 107 (Firefox)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla Corp.:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45418\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45418\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45418\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-45418\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2022-45418\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2022-45418.html\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.7):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:102.6.0+repack-1~deb10u1.osnova1\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 102.7.0esr+repack-1~deb10u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 thunderbird \u0434\u043e 1:115.5.0+build1-0ubuntu1+ci202311280951+astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 107.0+build2-0ubuntu0.18.04.1+ci202211242243+astra11 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.11.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.12.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.11.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-07070",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-45418",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), SUSE Linux Enterprise Server for SAP Applications, Debian GNU/Linux, Suse Linux Enterprise Server, OpenSUSE Leap, Suse Linux Enterprise Desktop, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Thunderbird, Firefox ESR, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Firefox",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. Suse Linux Enterprise Server 15-LTSS , Red Hat Inc. Red Hat Enterprise Linux 8.2 Extended Update Support , Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL , Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS , Novell Inc. OpenSUSE Leap 15.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.4 Extended Update Support , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.4 , Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. Suse Linux Enterprise Desktop 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. Suse Linux Enterprise Desktop 15 SP4 , Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4 , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8.2 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Extended Update Support , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "UI \u041b\u043e\u0436\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. (CWE-451)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox, Firefox ESR \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433-\u0430\u0442\u0430\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cybersecurity-help.cz/vdb/SB2022112208\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45418\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45418\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45418\nhttps://security-tracker.debian.org/tracker/CVE-2022-45418\nhttps://access.redhat.com/security/cve/cve-2022-45418\nhttps://www.suse.com/security/cve/CVE-2022-45418.html\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-451",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)"
}
CERTFR-2022-AVI-1033
Vulnerability from certfr_avis - Published: 2022-11-16 - Updated: 2022-11-16
De multiples vulnérabilités ont été corrigées dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service, une atteinte à la confidentialité des données, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 107 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 102.5 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 102.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 107",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 102.5",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 102.5",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-45415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45415"
},
{
"name": "CVE-2022-45407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45407"
},
{
"name": "CVE-2022-45405",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45405"
},
{
"name": "CVE-2022-45418",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45418"
},
{
"name": "CVE-2022-45404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45404"
},
{
"name": "CVE-2022-45409",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45409"
},
{
"name": "CVE-2022-45421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45421"
},
{
"name": "CVE-2022-45403",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45403"
},
{
"name": "CVE-2022-45419",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45419"
},
{
"name": "CVE-2022-45408",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45408"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-45417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45417"
},
{
"name": "CVE-2022-45420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45420"
},
{
"name": "CVE-2022-45406",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45406"
},
{
"name": "CVE-2022-45413",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45413"
},
{
"name": "CVE-2022-45410",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45410"
},
{
"name": "CVE-2022-45411",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45411"
},
{
"name": "CVE-2022-45416",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45416"
},
{
"name": "CVE-2022-45412",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45412"
}
],
"initial_release_date": "2022-11-16T00:00:00",
"last_revision_date": "2022-11-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 15 novembre 2022",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 15 novembre 2022",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 15 novembre 2022",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/"
}
],
"reference": "CERTFR-2022-AVI-1033",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Mozilla\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement\nde la politique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-49 du 15 novembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-48 du 15 novembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-47 du 15 novembre 2022",
"url": null
}
]
}
GSD-2022-45418
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-45418",
"description": "If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107.",
"id": "GSD-2022-45418",
"references": [
"https://www.debian.org/security/2022/dsa-5282",
"https://www.debian.org/security/2022/dsa-5284",
"https://advisories.mageia.org/CVE-2022-45418.html",
"https://access.redhat.com/errata/RHSA-2022:8543",
"https://access.redhat.com/errata/RHSA-2022:8544",
"https://access.redhat.com/errata/RHSA-2022:8545",
"https://access.redhat.com/errata/RHSA-2022:8547",
"https://access.redhat.com/errata/RHSA-2022:8548",
"https://access.redhat.com/errata/RHSA-2022:8549",
"https://access.redhat.com/errata/RHSA-2022:8550",
"https://access.redhat.com/errata/RHSA-2022:8552",
"https://access.redhat.com/errata/RHSA-2022:8553",
"https://access.redhat.com/errata/RHSA-2022:8554",
"https://access.redhat.com/errata/RHSA-2022:8555",
"https://access.redhat.com/errata/RHSA-2022:8556",
"https://access.redhat.com/errata/RHSA-2022:8561",
"https://access.redhat.com/errata/RHSA-2022:8580",
"https://access.redhat.com/errata/RHSA-2022:8979",
"https://access.redhat.com/errata/RHSA-2022:8980",
"https://www.suse.com/security/cve/CVE-2022-45418.html",
"https://ubuntu.com/security/CVE-2022-45418"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-45418"
],
"details": "If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107.",
"id": "GSD-2022-45418",
"modified": "2023-12-13T01:19:24.832600Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2022-45418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "102.5"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "102.5"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "107"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Custom mouse cursor could have been drawn over browser UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-47/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-49/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-49/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-48/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2022-48/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "107.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "102.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "102.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2022-45418"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR \u003c 102.5, Thunderbird \u003c 102.5, and Firefox \u003c 107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795815"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-49/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-49/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-48/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-48/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2022-47/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-01-04T18:41Z",
"publishedDate": "2022-12-22T20:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…