CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
43.1%
Use tables inside of an iframe, an attacker could have caused iframe
contents to be rendered outside the boundaries of the iframe, resulting in
potential user confusion or spoofing attacks. This vulnerability affects
Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs52 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mozjs68 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs78 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | mozjs91 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | thunderbird | < 1:102.7.1+build2-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | thunderbird | < 1:102.7.1+build2-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | thunderbird | < 1:102.7.1+build2-0ubuntu0.22.04.1 | UNKNOWN |
ubuntu | 22.10 | noarch | thunderbird | < 1:102.7.1+build2-0ubuntu0.22.10.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2022-45420
nvd.nist.gov/vuln/detail/CVE-2022-45420
security-tracker.debian.org/tracker/CVE-2022-45420
ubuntu.com/security/notices/USN-5726-1
ubuntu.com/security/notices/USN-5824-1
www.cve.org/CVERecord?id=CVE-2022-45420
www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45420
www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45420
www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45420