CVE-2022-45418

MEDIUM

Firefox ESR < 102.5 & Thunderbird < 102.5 & Firefox < 107 - SSRF

Title source: llm

Description

If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

References (4)

[Issue Tracking, Permissions Required, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=1795815

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2022-47/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2022-48/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2022-49/

Scores

CVSS v3 6.1

EPSS 0.0019

EPSS Percentile 40.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1021

Status published

Products (3)

mozilla/firefox < 107.0

mozilla/firefox_esr < 102.5

mozilla/thunderbird < 102.5

Published Dec 22, 2022

Tracked Since Feb 18, 2026