CVE-2022-45404

Summary

Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 102.5affected
MozillaThunderbirdunspecified < 102.5affected
MozillaFirefoxunspecified < 107affected

Weaknesses

  • Fullscreen notification bypass

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References