CVE-2022-22762

Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1743931	Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-04/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1743931	Issue Tracking Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-04/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:47

Type	Values Removed	Values Added
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1743931 - Issue Tracking, Vendor Advisory~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1743931 - Issue Tracking, Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2022-04/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2022-04/ - Vendor Advisory

Information

Published : 2022-12-22 20:15

Updated : 2024-11-21 06:47

NVD link : CVE-2022-22762

Mitre link : CVE-2022-22762

CVE.ORG link : CVE-2022-22762

JSON object : View

Products Affected

mozilla

firefox

google

android

CWE

NVD-CWE-noinfo

{"id": "CVE-2022-22762", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-12-22T20:15:20.263", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1743931", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1743931", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-04/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97."}, {"lang": "es", "value": "En determinadas circunstancias, se podr\u00eda haber mostrado una alerta (o mensaje) de JavaScript mientras se mostraba otro sitio web debajo de ella. Se podr\u00eda haber abusado de esto para enga\u00f1ar al usuario. <br>*Este error s\u00f3lo afecta a Firefox para Android. Otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a Firefox < 97."}], "lastModified": "2024-11-21T06:47:23.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56478BD7-9D9D-4513-9DDF-47AAC10550BF", "versionEndExcluding": "97.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@mozilla.org"}