CVE-2022-38472
Published: 24 August 2022
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Notes
Author | Note |
---|---|
mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
Priority
CVSS 3 base score: 6.5
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
bionic |
Released
(104.0+build3-0ubuntu0.18.04.1)
|
focal |
Released
(104.0+build3-0ubuntu0.20.04.1)
|
|
jammy |
Not vulnerable
(code not present)
|
|
kinetic |
Not vulnerable
(code not present)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(104)
|
|
xenial |
Needs triage
|
|
thunderbird Launchpad, Ubuntu, Debian |
bionic |
Released
(1:102.2.2+build1-0ubuntu0.18.04.1)
|
focal |
Released
(1:102.2.2+build1-0ubuntu0.20.04.1)
|
|
jammy |
Released
(1:102.2.2+build1-0ubuntu0.22.04.1)
|
|
kinetic |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Released
(91.13)
|
|
xenial |
Needs triage
|