8.8
CVE-2022-38473
- EPSS 0.27%
- Veröffentlicht 22.12.2022 20:15:36
- Zuletzt bearbeitet 15.04.2025 17:15:36
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
LoginA cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Firefox ESR Version < 91.13
Mozilla ≫ Thunderbird Version < 91.13
Mozilla ≫ Thunderbird Version >= 102.0 < 102.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.503 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-281 Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.