Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-29914HistoryDec 22, 2022 - 8:15 p.m.
CVE-2022-29914
2022-12-2220:15:26
Debian Security Bug Tracker
security-tracker.debian.org
21
firefox
thunderbird
browser spoofing
vulnerability
fullscreen notification ui
cve-2022-29914
unix
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
43.7%
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 100.0-1 | firefox_100.0-1_all.deb |
| Debian | 12 | all | firefox-esr | < 91.9.0esr-1 | firefox-esr_91.9.0esr-1_all.deb |
| Debian | 11 | all | firefox-esr | < 91.9.0esr-1~deb11u1 | firefox-esr_91.9.0esr-1~deb11u1_all.deb |
| Debian | 999 | all | firefox-esr | < 91.9.0esr-1 | firefox-esr_91.9.0esr-1_all.deb |
| Debian | 13 | all | firefox-esr | < 91.9.0esr-1 | firefox-esr_91.9.0esr-1_all.deb |
| Debian | 12 | all | thunderbird | < 1:91.9.0-1 | thunderbird_1:91.9.0-1_all.deb |
| Debian | 11 | all | thunderbird | < 1:91.9.0-1~deb11u1 | thunderbird_1:91.9.0-1~deb11u1_all.deb |
| Debian | 999 | all | thunderbird | < 1:91.9.0-1 | thunderbird_1:91.9.0-1_all.deb |
| Debian | 13 | all | thunderbird | < 1:91.9.0-1 | thunderbird_1:91.9.0-1_all.deb |
Related
redhatcve
redhatcve
CVE-2022-29914
2022-05-03 20:24:40
cve
cve
CVE-2022-29914
2022-12-22 20:15:26
ubuntucve
ubuntucve
CVE-2022-29914
2022-05-04 00:00:00
veracode
veracode
Spoofing Attacks
2022-05-07 01:34:55
cvelist
cvelist
CVE-2022-29914
2022-12-22 00:00:00
prion
prion
Spoofing
2022-12-22 20:15:00
nvd
nvd
CVE-2022-29914
2022-12-22 20:15:26
alpinelinux
alpinelinux
CVE-2022-29914
2022-12-22 20:15:26
centos
centos
firefox security update
2022-05-06 16:01:51
thunderbird security update
2022-05-06 16:02:55
nessus
nessus
Rocky Linux 8 : firefox (RLSA-2022:1705)
2023-11-07 00:00:00
RHEL 8 : firefox (RHSA-2022:1705)
2022-05-04 00:00:00
AlmaLinux 9 : firefox (ALSA-2022:4590)
2022-11-16 00:00:00
openvas
openvas
CentOS: Security Advisory for firefox (CESA-2022:1703)
2022-05-07 00:00:00
openSUSE: Security Advisory for MozillaFirefox (SUSE-SU-2022:1748-1)
2022-05-21 00:00:00
Mozilla Firefox ESR Security Advisory (MFSA2022-17) - Windows
2022-07-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 91.9.0-alt1
2022-05-04 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 91.9.0-alt1
2022-05-04 00:00:00
redhat
redhat
(RHSA-2022:1704) Important: firefox security update
2022-05-04 11:04:22
(RHSA-2022:1702) Important: firefox security update
2022-05-04 11:04:13
(RHSA-2022:1701) Important: firefox security update
2022-05-04 11:04:10
debian
debian
[SECURITY] [DSA 5129-1] firefox-esr security update
2022-05-04 18:03:17
[SECURITY] [DLA 2994-1] firefox-esr security update
2022-05-05 12:25:21
[SECURITY] [DLA 3020-1] thunderbird security update
2022-05-23 07:46:38
almalinux
almalinux
Important: firefox security update
2022-05-04 11:04:22
Important: thunderbird security update
2022-05-05 13:32:08
oraclelinux
oraclelinux
firefox security update
2022-05-04 00:00:00
firefox security update
2022-06-30 00:00:00
firefox security update
2022-05-04 00:00:00
osv
osv
firefox-esr - security update
2022-05-04 00:00:00
firefox-esr - security update
2022-05-05 00:00:00
Important: firefox security update
2022-05-04 11:04:22
mageia
mageia
Updated firefox packages fix security vulnerability
2022-05-06 23:16:39
Updated thunderbird packages fix security vulnerability
2022-05-06 23:16:39
rocky
rocky
firefox security update
2022-05-04 11:04:22
thunderbird security update
2022-05-05 13:32:08
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 91.9 — Mozilla
2022-05-03 00:00:00
Security Vulnerabilities fixed in Thunderbird 91.9 — Mozilla
2022-05-03 00:00:00
Security Vulnerabilities fixed in Firefox 100 — Mozilla
2022-05-03 00:00:00
kaspersky
kaspersky
KLA12521 Multiple vulnerabilities in Mozilla Firefox ESR
2022-05-03 00:00:00
KLA12522 Multiple vulnerabilities in Mozilla Thunderbird
2022-05-03 00:00:00
KLA12520 Multiple vulnerabilities in Mozilla Firefox
2022-05-03 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2022-05-19 00:00:00
Security update for MozillaThunderbird (important)
2022-05-17 00:00:00
redos
redos
ROS-20220518-01
2022-05-18 00:00:00
ROS-20220518-02
2022-05-18 00:00:00
archlinux
archlinux
[ASA-202205-4] firefox: multiple issues
2022-05-16 00:00:00
[ASA-202205-3] thunderbird: multiple issues
2022-05-16 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2022-05-11 00:00:00
Thunderbird vulnerabilities
2022-05-25 00:00:00
ibm
ibm
gentoo
gentoo
Mozilla Firefox: Multiple Vulnerabilities
2022-08-10 00:00:00
Mozilla Thunderbird: Multiple Vulnerabilities
2022-08-10 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
43.7%
Related for DEBIANCVE:CVE-2022-29914