What is CVE-2022-34479?

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. *This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

How severe is CVE-2022-34479?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-34479?

This is classified as CWE-451, which is a common weakness in software security.

CVE-2022-34479

Q: How severe is CVE-2022-34479?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

Q: What type of vulnerability is CVE-2022-34479?

This is classified as CWE-451, which is a common weakness in software security.

MEDIUM Year: 2022

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-451

View all →

Vulnerability Description

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

CVE-2022-32816

MEDIUM

CVSS:6.5(Medium)

The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may le...

CWE-4512022

CVE-2022-3313

MEDIUM

CVSS:6.5(Medium)

Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

CWE-4512022

CVE-2022-45404

MEDIUM

CVSS:6.5(Medium)

Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion ...

CWE-4512022

CVE-2023-0130

MEDIUM

CVSS:6.5(Medium)

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (...

CWE-4512023

CVE-2023-0700

MEDIUM

CVSS:6.5(Medium)

Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium...

CWE-4512023

CVE-2023-7011

MEDIUM

CVSS:6.5(Medium)

Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium ...

CWE-4512023

CVE-2022-34479

Vulnerability Description

Related Vulnerabilities

CVE-2022-32816

CVE-2022-3313

CVE-2022-45404

CVE-2023-0130

CVE-2023-0700

CVE-2023-7011