CVE-2022-29909

CVSS v3.1 8.8 (High)

EPSS 0.21 % (59^th)

Affected Products 3

Advisories 30

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

Weaknesses

CWE-276: Incorrect Default Permissions

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2022-12-22 20:15:25
(21 months ago)
Updated Date: 2022-12-30 20:42:05
(20 months ago)

Affected Products

Mozilla

Firefox
Firefox Esr
Thunderbird

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 100.0 version	cpe:2.3:a:mozilla:firefox	< 100.0
Mozilla Firefox Esr prior 91.9 version	cpe:2.3:a:mozilla:firefox_esr	< 91.9
Mozilla Thunderbird prior 91.9 version	cpe:2.3:a:mozilla:thunderbird	< 91.9