VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-k3ad-jwkb-aaad

Essentials
Severities (114)
References (41)
Severity details (17)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-k3ad-jwkb-aaad
Aliases	CVE-2022-31738
Summary	When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-290	Authentication Bypass by Spoofing
CWE-1021	Improper Restriction of Rendered UI Layers or Frames

System	Score	Found at
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4870
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4871
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4872
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4873
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4875
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4876
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4887
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4888
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4889
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4890
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4891
rhas	Important	https://access.redhat.com/errata/RHSA-2022:4892
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31738.json
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00102	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
epss	0.00389	https://api.first.org/data/v1/epss?cve=CVE-2022-31738
cvssv3.1	6.5	https://bugzilla.mozilla.org/show_bug.cgi?id=1756388
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1756388
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=2092021
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2022-31738
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2022-31738
archlinux	High	https://security.archlinux.org/AVG-2760
archlinux	High	https://security.archlinux.org/AVG-2761
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2022-20
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2022-21
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2022-22
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2022-20/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2022-20/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2022-21/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2022-21/
cvssv3.1	6.5	https://www.mozilla.org/security/advisories/mfsa2022-22/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2022-22/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31738.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-31738
		https://bugzilla.mozilla.org/show_bug.cgi?id=1756388
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1529
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1802
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1834
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31736
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31738
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31740
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31741
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31747
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://www.mozilla.org/security/advisories/mfsa2022-20/
		https://www.mozilla.org/security/advisories/mfsa2022-21/
		https://www.mozilla.org/security/advisories/mfsa2022-22/
2092021		https://bugzilla.redhat.com/show_bug.cgi?id=2092021
AVG-2760		https://security.archlinux.org/AVG-2760
AVG-2761		https://security.archlinux.org/AVG-2761
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
CVE-2022-31738		https://nvd.nist.gov/vuln/detail/CVE-2022-31738
mfsa2022-20		https://www.mozilla.org/en-US/security/advisories/mfsa2022-20
mfsa2022-21		https://www.mozilla.org/en-US/security/advisories/mfsa2022-21
mfsa2022-22		https://www.mozilla.org/en-US/security/advisories/mfsa2022-22
RHSA-2022:4870		https://access.redhat.com/errata/RHSA-2022:4870
RHSA-2022:4871		https://access.redhat.com/errata/RHSA-2022:4871
RHSA-2022:4872		https://access.redhat.com/errata/RHSA-2022:4872
RHSA-2022:4873		https://access.redhat.com/errata/RHSA-2022:4873
RHSA-2022:4875		https://access.redhat.com/errata/RHSA-2022:4875
RHSA-2022:4876		https://access.redhat.com/errata/RHSA-2022:4876
RHSA-2022:4887		https://access.redhat.com/errata/RHSA-2022:4887
RHSA-2022:4888		https://access.redhat.com/errata/RHSA-2022:4888
RHSA-2022:4889		https://access.redhat.com/errata/RHSA-2022:4889
RHSA-2022:4890		https://access.redhat.com/errata/RHSA-2022:4890
RHSA-2022:4891		https://access.redhat.com/errata/RHSA-2022:4891
RHSA-2022:4892		https://access.redhat.com/errata/RHSA-2022:4892
USN-5475-1		https://usn.ubuntu.com/5475-1/
USN-5512-1		https://usn.ubuntu.com/5512-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31738.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1756388

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:54:02Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1756388

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-31738

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-31738

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2022-20/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:54:02Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-20/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2022-21/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:54:02Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-21/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.mozilla.org/security/advisories/mfsa2022-22/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:54:02Z/ Found at https://www.mozilla.org/security/advisories/mfsa2022-22/

Exploit Prediction Scoring System (EPSS)

Percentile	0.23945
EPSS Score	0.00094
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.