{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-45420","assignerOrgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","assignerShortName":"mozilla","dateUpdated":"2025-04-15T14:17:39.583Z","dateReserved":"2022-11-14T00:00:00.000Z","datePublished":"2022-12-22T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"f16b083a-5664-49f3-a51e-8d479e5ed7fe","shortName":"mozilla","dateUpdated":"2022-12-22T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107."}],"affected":[{"vendor":"Mozilla","product":"Firefox ESR","versions":[{"version":"unspecified","lessThan":"102.5","status":"affected","versionType":"custom"}]},{"vendor":"Mozilla","product":"Thunderbird","versions":[{"version":"unspecified","lessThan":"102.5","status":"affected","versionType":"custom"}]},{"vendor":"Mozilla","product":"Firefox","versions":[{"version":"unspecified","lessThan":"107","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1792643"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Iframe contents could be rendered outside the iframe"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T14:09:57.035Z"},"title":"CVE Program Container","references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2022-47/","tags":["x_transferred"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2022-49/","tags":["x_transferred"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2022-48/","tags":["x_transferred"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1792643","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1021","lang":"en","description":"CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-15T14:16:09.095035Z","id":"CVE-2022-45420","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-15T14:17:39.583Z"}}]}}