CVE-2022-38472

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-38472

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38472.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-38472

Downstream

DEBIAN-CVE-2022-38472

DLA-3080-1

DLA-3097-1

DSA-5217-1

DSA-5221-1

OESA-2023-1673

OESA-2023-1674

RHSA-2022:6164

RHSA-2022:6165

RHSA-2022:6166

RHSA-2022:6167

RHSA-2022:6168

RHSA-2022:6169

RHSA-2022:6174

RHSA-2022:6175

RHSA-2022:6176

RHSA-2022:6177

RHSA-2022:6178

RHSA-2022:6179

SUSE-SU-2022:2984-1

SUSE-SU-2022:3007-1

SUSE-SU-2022:3030-1

SUSE-SU-2022:3272-1

SUSE-SU-2022:3273-1

SUSE-SU-2022:3281-1

SUSE-SU-2022:3396-1

UBUNTU-CVE-2022-38472

USN-5581-1

USN-5663-1

openSUSE-SU-2024:12286-1

openSUSE-SU-2024:12287-1

openSUSE-SU-2024:14572-1

Related

Published

2022-12-22T20:15:36Z

Modified

2025-08-09T19:01:28Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.

References

Affected packages