Vulnerability CVE-2022-31738: Information

Description

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-31738

Published: Dec. 22, 2022

Modified: Jan. 4, 2023

Error type identifier: CWE-290

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	101.0-alt1	127.0-alt1	ALT-PU-2022-1988-1	301047	Fixed
firefox	p10	105.0.1-alt0.p10.1	118.0.2-alt0.p10.1	ALT-PU-2022-2930-1	307737	Fixed
firefox	p9	105.0.1-alt0.c9.1	105.0.1-alt0.c9.1	ALT-PU-2023-4339-1	319683	Fixed
firefox	c10f1	105.0.1-alt0.p10.1	112.0.2-alt0.p10.1	ALT-PU-2022-2930-1	307737	Fixed
firefox	c9f2	105.0.1-alt0.c9.1	105.0.1-alt0.c9.1	ALT-PU-2023-1139-1	309126	Fixed
firefox	p11	101.0-alt1	126.0.1-alt1	ALT-PU-2022-1988-1	301047	Fixed
firefox-esr	sisyphus	91.10.0-alt1	115.11.0-alt1	ALT-PU-2022-1995-1	301215	Fixed
firefox-esr	p10	91.10.0-alt0.p10.1	115.11.0-alt1	ALT-PU-2022-2000-1	301334	Fixed
firefox-esr	p9	91.10.0-alt0.p9.1	102.11.0-alt0.c9.1	ALT-PU-2022-2044-1	301652	Fixed
firefox-esr	c10f1	91.10.0-alt0.p10.1	115.9.1-alt0.c10.1	ALT-PU-2022-2000-1	301334	Fixed
firefox-esr	c9f2	91.10.0-alt0.c9.1	102.12.0-alt0.c9.1	ALT-PU-2022-2017-1	301458	Fixed
firefox-esr	p11	91.10.0-alt1	115.11.0-alt1	ALT-PU-2022-1995-1	301215	Fixed
thunderbird	sisyphus	91.10.0-alt1	115.9.0-alt1	ALT-PU-2022-1996-1	301216	Fixed
thunderbird	p10	91.10.0-alt0.p10.1	115.9.0-alt1	ALT-PU-2022-2006-1	301335	Fixed
thunderbird	p9	91.10.0-alt0.p9.1	102.11.0-alt0.c9.1	ALT-PU-2022-2053-1	301653	Fixed
thunderbird	c10f1	91.10.0-alt0.p10.1	115.9.0-alt0.c10.1	ALT-PU-2022-2006-1	301335	Fixed
thunderbird	c9f2	91.10.0-alt0.c9.1	102.11.0-alt0.c9.1	ALT-PU-2022-2031-1	301459	Fixed
thunderbird	p11	91.10.0-alt1	115.9.0-alt1	ALT-PU-2022-1996-1	301216	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2022-20/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1756388	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-22/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-21/	Vendor Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  101
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  91.10
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  91.10

Version: v24.5.3

Vulnerability CVE-2022-31738: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1