Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-36319

Published: 27 July 2022

When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.

Notes

AuthorNote
mdeslaur
starting with Ubuntu 22.04, the firefox package is just a script
that installs the Firefox snap

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
bionic
Released (103.0+build1-0ubuntu0.18.04.1)
focal
Released (103.0+build1-0ubuntu0.20.04.1)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
trusty Does not exist

upstream
Released (103)
xenial Needed

firefox-esr
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream
Released (91.12.0esr-1)
xenial Does not exist

thunderbird
Launchpad, Ubuntu, Debian
bionic
Released (1:102.2.2+build1-0ubuntu0.18.04.1)
focal
Released (1:102.2.2+build1-0ubuntu0.20.04.1)
jammy
Released (1:102.2.2+build1-0ubuntu0.22.04.1)
kinetic Needed

trusty Does not exist

upstream
Released (91.12)
xenial Needed