CVE-2022-38472

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-38472
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38472.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-38472
Downstream
Related
Published
2022-12-22T20:15:36Z
Modified
2025-08-09T19:01:28Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

References

Affected packages