If a website displays a large popup that covers the entire screen, users might have a hard time reading the content, especially on smaller screens. A malicious site could display a large popup that covers the entire screen, resulting in potential user confusion or spoofing attacks. *This bug only affects Firefox for Linux.*

This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11. On Linux systems, if a website that Firefox for Linux is loading attempts to set the window size to a value larger than the X server allows, the window could be made unresponsive. This can be mitigated by using a window manager that supports resizing of X windows, such as Xephyr.
How Does the Bug Work?
A website triggers the bug by attempting to set the window size to a value larger than the X server allows, which leaves the Firefox window unresponsive.
References
*https://www.mozilla.org/en-US/security/advisories/CVE-2019-5188/#CVE-2019-5188*
*https://www.mozilla.org/en-US/security/advisories/CVE-2022-34479/#CVE-2022-34479*
Scenario
A website is displaying a large popup that covers the entire screen, and this popup is set to block all user input. This popup would also cause the window size to be set to a value larger than the X server allows, which could result in an unresponsive window.
Timeline
Published on: 12/22/2022 20:15:00 UTC
Last modified on: 12/31/2022 02:30:00 UTC