CVE-2022-31738

medium

Description

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

References

https://www.mozilla.org/security/advisories/mfsa2022-22/

https://www.mozilla.org/security/advisories/mfsa2022-21/

https://www.mozilla.org/security/advisories/mfsa2022-20/

https://bugzilla.mozilla.org/show_bug.cgi?id=1756388

Details

Source: Mitre, NVD

Published: 2022-12-22

Updated: 2023-01-03

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

Severity: High

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: Medium