VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-4sxp-em9q-aaas

Essentials
Severities (102)
References (46)
Severity details (14)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-4sxp-em9q-aaas
Aliases	CVE-2022-45404
Summary	Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45404.json
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00077	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00104	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
epss	0.00402	https://api.first.org/data/v1/epss?cve=CVE-2022-45404
cvssv3.1	6.5	https://bugzilla.mozilla.org/show_bug.cgi?id=1790815
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1790815
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2022-45404
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2022-45404
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2022-47
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2022-48
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2022-49
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2022-47/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2022-47/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2022-48/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2022-48/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2022-49/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2022-49/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45404.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-45404
		https://bugzilla.mozilla.org/show_bug.cgi?id=1790815
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421
		https://www.mozilla.org/security/advisories/mfsa2022-47/
		https://www.mozilla.org/security/advisories/mfsa2022-48/
		https://www.mozilla.org/security/advisories/mfsa2022-49/
2143198		https://bugzilla.redhat.com/show_bug.cgi?id=2143198
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2022-45404		https://nvd.nist.gov/vuln/detail/CVE-2022-45404
GLSA-202211-05		https://security.gentoo.org/glsa/202211-05
mfsa2022-47		https://www.mozilla.org/en-US/security/advisories/mfsa2022-47
mfsa2022-48		https://www.mozilla.org/en-US/security/advisories/mfsa2022-48
mfsa2022-49		https://www.mozilla.org/en-US/security/advisories/mfsa2022-49
RHSA-2022:8543		https://access.redhat.com/errata/RHSA-2022:8543
RHSA-2022:8544		https://access.redhat.com/errata/RHSA-2022:8544
RHSA-2022:8545		https://access.redhat.com/errata/RHSA-2022:8545
RHSA-2022:8547		https://access.redhat.com/errata/RHSA-2022:8547
RHSA-2022:8548		https://access.redhat.com/errata/RHSA-2022:8548
RHSA-2022:8549		https://access.redhat.com/errata/RHSA-2022:8549
RHSA-2022:8550		https://access.redhat.com/errata/RHSA-2022:8550
RHSA-2022:8552		https://access.redhat.com/errata/RHSA-2022:8552
RHSA-2022:8553		https://access.redhat.com/errata/RHSA-2022:8553
RHSA-2022:8554		https://access.redhat.com/errata/RHSA-2022:8554
RHSA-2022:8555		https://access.redhat.com/errata/RHSA-2022:8555
RHSA-2022:8556		https://access.redhat.com/errata/RHSA-2022:8556
RHSA-2022:8561		https://access.redhat.com/errata/RHSA-2022:8561
RHSA-2022:8580		https://access.redhat.com/errata/RHSA-2022:8580
RHSA-2022:8979		https://access.redhat.com/errata/RHSA-2022:8979
RHSA-2022:8980		https://access.redhat.com/errata/RHSA-2022:8980
USN-5726-1		https://usn.ubuntu.com/5726-1/
USN-5824-1		https://usn.ubuntu.com/5824-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45404.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1790815

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:14:24Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1790815

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-45404

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-45404

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2022-47/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:14:24Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-47/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2022-48/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:14:24Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-48/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2022-49/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T15:14:24Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-49/

Exploit Prediction Scoring System (EPSS)

Percentile	0.23309
EPSS Score	0.00075
Published At	April 16, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.