CVE Vulnerability

CVE-2022-45418

If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1795815 Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2022-49/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-48/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-47/ Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Information

Published : 2022-12-22 08:15

Updated : 2023-01-04 06:41

NVD link : CVE-2022-45418

Mitre link : CVE-2022-45418

Products Affected
No products.
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames