CVE-2022-31738

Summary

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 91.10affected
MozillaFirefoxunspecified < 101affected
MozillaFirefox ESRunspecified < 91.10affected

Weaknesses

  • Browser window spoof using fullscreen mode

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References