CVE-2022-22741 Resizing a popup while requesting fullscreen access would make it impossible to leave fullscreen mode.
This issue has been fixed in Firefox ESR update 91.5.1, Firefox release 96, and Thunderbird update 91.5. Users of these distributions should upgrade as soon as possible. While Firefox and Thunderbird permit popup windows to be resized, they do not permit the popup to receive focus while it is in fullscreen mode. This prevents a potential security issue. If a user opened a malicious popup and requested fullscreen mode while another popup was open that attempted to change the focus, the malicious popup could change the focus and steal data from the user.
Fixed in Firefox ESR 91.5.1, Firefox 96, and Thunderbird 91.5
How to check if you are affected
You can check if you are affected by this issue by enabling the Developer Tools in Firefox or Thunderbird. If you see a window titled "Dialog" with the number 1 in it, then you are affected and should upgrade to one of the fixed releases listed above.
If you do not see this window, then your distribution is not affected by this issue and no update is needed.
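For checking many hosts at once, comparing the installed version against the fixed releases listed above is more practical. The following is an added example, not part of the original advisory or Mozilla's tooling; it assumes version banners of the shape `Mozilla Firefox 91.4.0esr` (as printed by `firefox --version`), and the sample banners are constructed.

```python
import re

# Fixed versions as stated on this page.
FIXED = {
    "firefox": (96,),
    "firefox-esr": (91, 5, 1),
    "thunderbird": (91, 5),
}

# Assumed banner shape: optional "Mozilla", product, dotted version, optional "esr".
BANNER = re.compile(
    r"^\s*(?:Mozilla\s+)?(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)(esr)?\s*$",
    re.IGNORECASE,
)


def parse_banner(banner):
    """Return (channel, version tuple), or None if the banner is unrecognised."""
    m = BANNER.match(banner)
    if not m:
        return None
    product = m.group(1).lower()
    if product == "firefox" and m.group(3):
        product = "firefox-esr"
    return product, tuple(int(p) for p in m.group(2).split("."))


def needs_upgrade(banner):
    """True if older than the fixed release, False if not, None if unknown."""
    parsed = parse_banner(banner)
    if parsed is None:
        return None  # unknown product or pre-release suffix: review by hand
    channel, version = parsed
    fixed = FIXED[channel]
    # Pad with zeros so that 96, 96.0 and 96.0.0 compare as equal.
    width = max(len(version), len(fixed))
    version += (0,) * (width - len(version))
    fixed += (0,) * (width - len(fixed))
    return version < fixed


if __name__ == "__main__":
    # Constructed sample inventory lines, not taken from the page.
    for line in ["Mozilla Firefox 95.0.2", "Mozilla Firefox 96.0",
                 "Mozilla Firefox 91.5.0esr", "Mozilla Firefox 91.5.1esr",
                 "Thunderbird 91.4.1", "Chromium 97.0"]:
        print(f"{line!r}: needs_upgrade={needs_upgrade(line)}")
```

A Firefox 91.x banner without the `esr` suffix is compared against release 96 and is therefore flagged, which errs on the side of upgrading.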
Timeline
Published on: 12/22/2022 20:15:00 UTC
Last modified on: 12/29/2022 20:18:00 UTC