CVE-2022-45408

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1793829
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/
• https://www.mozilla.org/security/advisories/mfsa2022-47/
• https://www.mozilla.org/security/advisories/mfsa2022-48/
• https://www.mozilla.org/security/advisories/mfsa2022-49/

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2022-49
• MFSA2022-48
• MFSA2022-47

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2022-45403
• CVE-2022-45404
• CVE-2022-45405
• CVE-2022-45406
• CVE-2022-45408
• CVE-2022-45409
• CVE-2022-45410
• CVE-2022-45411
• CVE-2022-45412
• CVE-2022-45416
• CVE-2022-45418
• CVE-2022-45420
• CVE-2022-45421
• CVE-2022-45407
• CVE-2022-45413
• CVE-2022-40674
• CVE-2022-45415
• CVE-2022-45417
• CVE-2022-46882
• CVE-2022-45419
• CVE-2022-46883

Frequently Asked Questions

• What is CVE-2022-45408?

  CVE-2022-45408 is a vulnerability that allows an attacker to cause a window to go fullscreen without the user seeing the notification prompt, potentially leading to user confusion or spoofing attacks.

• Which software is affected by CVE-2022-45408?

  This vulnerability affects Firefox ESR versions earlier than 102.5, Thunderbird versions earlier than 102.5, and Firefox versions earlier than 107.

• How can an attacker exploit CVE-2022-45408?

  By using a series of popups that reuse windowName, an attacker can trigger the window to go fullscreen without the user's awareness.

• What is the severity of CVE-2022-45408?

  CVE-2022-45408 has a severity value of 6.5, which is considered high.

• How can I fix CVE-2022-45408?

  To fix CVE-2022-45408, you should update your Firefox ESR, Thunderbird, and Firefox installations to versions 102.5 and 107, respectively, or later.