What is CVE-2022-22743?

CVE-2022-22743 is a vulnerability that allows an attacker-controlled tab to prevent the browser from leaving fullscreen mode.

Which software versions are affected by CVE-2022-22743?

Mozilla Firefox ESR up to version 91.5, Mozilla Firefox up to version 96, and Mozilla Thunderbird up to version 91.5 are affected by CVE-2022-22743.

What is the severity of CVE-2022-22743?

CVE-2022-22743 has a severity rating of high (7) based on the Common Vulnerability Scoring System (CVSS).

How can I fix CVE-2022-22743?

To fix CVE-2022-22743, update Mozilla Firefox ESR to version 91.5 or later, update Mozilla Firefox to version 96 or later, and update Mozilla Thunderbird to version 91.5 or later.

Where can I find more information about CVE-2022-22743?

You can find more information about CVE-2022-22743 in the following references: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1739220), [Mozilla Advisory MFSA2022-03](https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/), and [Mozilla Advisory MFSA2022-01](https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/).

Vulnerability/
CVE-2022-22743

medium

4.3

11/1/2022

22/12/2022

3/8/2024

CVE-2022-22743

First published: Tue Jan 11 2022(Updated: )

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox ESR	<91.5	91.5
	<96	96
	<91.5	91.5
	<91.5	91.5
Mozilla Firefox	<96.0
Mozilla Firefox ESR	<91.5
Mozilla Thunderbird	<91.5

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2022-22743?
CVE-2022-22743 is a vulnerability that allows an attacker-controlled tab to prevent the browser from leaving fullscreen mode.
Which software versions are affected by CVE-2022-22743?
Mozilla Firefox ESR up to version 91.5, Mozilla Firefox up to version 96, and Mozilla Thunderbird up to version 91.5 are affected by CVE-2022-22743.
What is the severity of CVE-2022-22743?
CVE-2022-22743 has a severity rating of high (7) based on the Common Vulnerability Scoring System (CVSS).
How can I fix CVE-2022-22743?
To fix CVE-2022-22743, update Mozilla Firefox ESR to version 91.5 or later, update Mozilla Firefox to version 96 or later, and update Mozilla Thunderbird to version 91.5 or later.
Where can I find more information about CVE-2022-22743?
You can find more information about CVE-2022-22743 in the following references: [Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1739220), [Mozilla Advisory MFSA2022-03](https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/), and [Mozilla Advisory MFSA2022-01](https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/).

collector/mozilla-advisory
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/author
agent/severity
agent/references
source/Mozilla
agent/software-canonical-lookup
agent/event
agent/description
agent/software-canonical-lookup-request
agent/tags
collector/nvd-index
collector/mitre-cve
source/MITRE
vendor/mozilla
canonical/mozilla firefox esr
canonical/mozilla thunderbird
canonical/mozilla firefox