On Windows 10, only Firefox ESR is currently supported. The issue occurs when a website hosts malicious content using WebExtensions. When a user visits such a website, the browser could allow the frame-ancestors attribute to be set to cross-origin frames, which could allow attackers to access data from other domains. An attacker could, for example, trick the user into visiting a phishing site, or cause information leakage via DNS requests in emails. Firefox users can protect themselves from this issue by exercising caution when using WebExtensions.

Impact:

This issue could interfere with a user's browsing, as an attacker could use this vulnerability to trick users into visiting a phishing site or to leak information.

Firefox ESR

Update: On Windows 10, only Firefox ESR is currently supported.

Products Affected by the Issue

Windows 10 Firefox ESR users who use WebExtensions for malicious purposes will be affected by this issue.

CVE-2023-22746

Criticality of the vulnerability

This is a critical vulnerability that could allow an attacker to access data from other domains.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 12/29/2022 20:00:00 UTC
