Bug 2162342 (CVE-2022-46877) - CVE-2022-46877 Mozilla: Fullscreen notification bypass
Summary: CVE-2022-46877 Mozilla: Fullscreen notification bypass
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-46877
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2158855 2158856 2158857 2158858 2158859 2158860 2158861 2158862 2158863 2158864 2158865 2158866 2158867 2158868 2158872 2158873 2158874 2158875 2158876 2158877 2158878 2158879 2158880 2158881 2158883
Blocks: 2158844
TreeView+ depends on / blocked
 
Reported: 2023-01-19 11:35 UTC by Dhananjay Arunesh
Modified: 2023-01-29 06:52 UTC (History)
5 users (show)

Fixed In Version: firefox 102.7, thunderbird 102.7
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks.
Clone Of:
Environment:
Last Closed: 2023-01-29 06:52:08 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:0285 0 None None None 2023-01-23 09:18:29 UTC
Red Hat Product Errata RHSA-2023:0286 0 None None None 2023-01-23 09:18:54 UTC
Red Hat Product Errata RHSA-2023:0288 0 None None None 2023-01-23 09:19:41 UTC
Red Hat Product Errata RHSA-2023:0289 0 None None None 2023-01-23 09:20:32 UTC
Red Hat Product Errata RHSA-2023:0290 0 None None None 2023-01-23 09:20:10 UTC
Red Hat Product Errata RHSA-2023:0294 0 None None None 2023-01-23 09:21:36 UTC
Red Hat Product Errata RHSA-2023:0295 0 None None None 2023-01-23 09:22:16 UTC
Red Hat Product Errata RHSA-2023:0296 0 None None None 2023-01-23 09:22:28 UTC
Red Hat Product Errata RHSA-2023:0456 0 None None None 2023-01-25 15:25:25 UTC
Red Hat Product Errata RHSA-2023:0457 0 None None None 2023-01-25 15:15:56 UTC
Red Hat Product Errata RHSA-2023:0459 0 None None None 2023-01-25 15:17:46 UTC
Red Hat Product Errata RHSA-2023:0460 0 None None None 2023-01-25 15:25:12 UTC
Red Hat Product Errata RHSA-2023:0461 0 None None None 2023-01-25 15:24:49 UTC
Red Hat Product Errata RHSA-2023:0462 0 None None None 2023-01-25 15:28:26 UTC
Red Hat Product Errata RHSA-2023:0463 0 None None None 2023-01-25 15:29:18 UTC
Red Hat Product Errata RHSA-2023:0476 0 None None None 2023-01-26 17:15:50 UTC

Description Dhananjay Arunesh 2023-01-19 11:35:47 UTC
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46877

Comment 1 errata-xmlrpc 2023-01-23 09:18:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0285 https://access.redhat.com/errata/RHSA-2023:0285

Comment 2 errata-xmlrpc 2023-01-23 09:18:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0286 https://access.redhat.com/errata/RHSA-2023:0286

Comment 3 errata-xmlrpc 2023-01-23 09:19:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0288 https://access.redhat.com/errata/RHSA-2023:0288

Comment 4 errata-xmlrpc 2023-01-23 09:20:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0290 https://access.redhat.com/errata/RHSA-2023:0290

Comment 5 errata-xmlrpc 2023-01-23 09:20:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0289 https://access.redhat.com/errata/RHSA-2023:0289

Comment 6 errata-xmlrpc 2023-01-23 09:21:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0294 https://access.redhat.com/errata/RHSA-2023:0294

Comment 7 errata-xmlrpc 2023-01-23 09:22:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0295 https://access.redhat.com/errata/RHSA-2023:0295

Comment 8 errata-xmlrpc 2023-01-23 09:22:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0296 https://access.redhat.com/errata/RHSA-2023:0296

Comment 9 errata-xmlrpc 2023-01-25 15:15:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0457 https://access.redhat.com/errata/RHSA-2023:0457

Comment 10 errata-xmlrpc 2023-01-25 15:17:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0459 https://access.redhat.com/errata/RHSA-2023:0459

Comment 11 errata-xmlrpc 2023-01-25 15:24:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0461 https://access.redhat.com/errata/RHSA-2023:0461

Comment 12 errata-xmlrpc 2023-01-25 15:25:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0460 https://access.redhat.com/errata/RHSA-2023:0460

Comment 13 errata-xmlrpc 2023-01-25 15:25:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0456 https://access.redhat.com/errata/RHSA-2023:0456

Comment 14 errata-xmlrpc 2023-01-25 15:28:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0462 https://access.redhat.com/errata/RHSA-2023:0462

Comment 15 errata-xmlrpc 2023-01-25 15:29:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0463 https://access.redhat.com/errata/RHSA-2023:0463

Comment 16 errata-xmlrpc 2023-01-26 17:15:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0476 https://access.redhat.com/errata/RHSA-2023:0476

Comment 17 Product Security DevOps Team 2023-01-29 06:52:06 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-46877


Note You need to log in before you can comment on or make changes to this bug.