Search for vulnerabilities
Vulnerability details: VCID-5jm3-hypf-aaaf
Vulnerability ID VCID-5jm3-hypf-aaaf
Aliases CVE-2022-45418
Summary If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-1021 Improper Restriction of Rendered UI Layers or Frames
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45418.json
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00118 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
epss 0.00377 https://api.first.org/data/v1/epss?cve=CVE-2022-45418
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-45418
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-45418
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-47
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-48
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2022-49
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45418.json
https://api.first.org/data/v1/epss?cve=CVE-2022-45418
https://bugzilla.mozilla.org/show_bug.cgi?id=1795815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45421
https://www.mozilla.org/security/advisories/mfsa2022-47/
https://www.mozilla.org/security/advisories/mfsa2022-48/
https://www.mozilla.org/security/advisories/mfsa2022-49/
2143241 https://bugzilla.redhat.com/show_bug.cgi?id=2143241
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2022-45418 https://nvd.nist.gov/vuln/detail/CVE-2022-45418
GLSA-202211-05 https://security.gentoo.org/glsa/202211-05
mfsa2022-47 https://www.mozilla.org/en-US/security/advisories/mfsa2022-47
mfsa2022-48 https://www.mozilla.org/en-US/security/advisories/mfsa2022-48
mfsa2022-49 https://www.mozilla.org/en-US/security/advisories/mfsa2022-49
RHSA-2022:8543 https://access.redhat.com/errata/RHSA-2022:8543
RHSA-2022:8544 https://access.redhat.com/errata/RHSA-2022:8544
RHSA-2022:8545 https://access.redhat.com/errata/RHSA-2022:8545
RHSA-2022:8547 https://access.redhat.com/errata/RHSA-2022:8547
RHSA-2022:8548 https://access.redhat.com/errata/RHSA-2022:8548
RHSA-2022:8549 https://access.redhat.com/errata/RHSA-2022:8549
RHSA-2022:8550 https://access.redhat.com/errata/RHSA-2022:8550
RHSA-2022:8552 https://access.redhat.com/errata/RHSA-2022:8552
RHSA-2022:8553 https://access.redhat.com/errata/RHSA-2022:8553
RHSA-2022:8554 https://access.redhat.com/errata/RHSA-2022:8554
RHSA-2022:8555 https://access.redhat.com/errata/RHSA-2022:8555
RHSA-2022:8556 https://access.redhat.com/errata/RHSA-2022:8556
RHSA-2022:8561 https://access.redhat.com/errata/RHSA-2022:8561
RHSA-2022:8580 https://access.redhat.com/errata/RHSA-2022:8580
RHSA-2022:8979 https://access.redhat.com/errata/RHSA-2022:8979
RHSA-2022:8980 https://access.redhat.com/errata/RHSA-2022:8980
USN-5726-1 https://usn.ubuntu.com/5726-1/
USN-5824-1 https://usn.ubuntu.com/5824-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-45418.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-45418
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-45418
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.40041
EPSS Score 0.00091
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.