CVE-2022-34479 A malicious website that shows a popup could take over the address bar and spoof users.

If a website displays a large popup that covers the entire screen, users might have a hard time reading the content, especially on smaller screens. A malicious site could display a large popup that covers the entire screen, resulting in potential user confusion or spoofing attacks.

*This bug only affects Firefox for Linux.* This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

On Linux systems, if a website that Firefox for Linux is loading attempts to set the window size to a value larger than the X server allows, the window could be made unresponsive. This can be mitigated by using a window manager that supports resizing of X windows, such as Xephyr.
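An added example, not part of the original advisory text: a Python check that classifies `firefox --version` or `thunderbird --version` output against the fixed versions stated above. The `assess` function, its status labels, the assumed output format and the sample lines are constructed for illustration; treating any 91.x build at or above 91.11 as the fixed ESR branch is an assumption.

```python
import re

# Fixed-version thresholds taken from the affected-versions sentence above:
# the release branch is fixed at 102 and the 91.x ESR branch at 91.11.
FIXED_RELEASE = (102, 0)
FIXED_ESR_BRANCH = (91, 11)

# Matches `--version` style output such as "Mozilla Firefox 91.10.0esr".
# The exact output format is an assumption of this example.
VERSION_RE = re.compile(r"\b(Firefox|Thunderbird)\s+(\d+)\.(\d+)", re.IGNORECASE)


def assess(version_output, platform="linux"):
    """Return (product, (major, minor), status) for one line of version output.

    status is "affected", "fixed", "not-applicable" (non-Linux build),
    or "unknown" when the line cannot be parsed.
    """
    match = VERSION_RE.search(version_output)
    if match is None:
        return (None, None, "unknown")
    product = match.group(1).capitalize()
    version = (int(match.group(2)), int(match.group(3)))
    if not platform.lower().startswith("linux"):
        # The advisory text states the bug only affects Firefox for Linux.
        return (product, version, "not-applicable")
    on_fixed_esr = (version[0] == FIXED_ESR_BRANCH[0]
                    and version >= FIXED_ESR_BRANCH)
    if version >= FIXED_RELEASE or on_fixed_esr:
        return (product, version, "fixed")
    return (product, version, "affected")


# Constructed sample inventory lines (not real host data).
SAMPLE_INVENTORY = [
    "Mozilla Firefox 91.10.0esr",
    "Mozilla Firefox 91.11.0esr",
    "Mozilla Firefox 101.0.1",
    "Mozilla Firefox 102.0",
    "Thunderbird 91.10.0",
    "firefox: command not found",
]

if __name__ == "__main__":
    for line in SAMPLE_INVENTORY:
        print(f"{line!r:32} -> {assess(line)[2]}")
```

Lines that do not parse are reported as "unknown" rather than "fixed", so hosts with a missing or unexpected binary still surface for manual review.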

How Does the Bug Work?

A website can trigger this bug by setting the window size to a value larger than the X server allows, which causes Firefox to become unresponsive.

References

*https://www.mozilla.org/en-US/security/advisories/CVE-2019-5188/#CVE-2019-5188*

*https://www.mozilla.org/en-US/security/advisories/CVE-2022-34479/#CVE-2022-34479*

Scenario

A website is displaying a large popup that covers the entire screen, and this popup is set to block all user input. This popup would also cause the window size to be set to a value larger than the X server allows, which could result in an unresponsive window.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 12/31/2022 02:30:00 UTC

References