{"id":"CVE-2022-38473","details":"A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird \u003c 102.2, Thunderbird \u003c 91.13, Firefox ESR \u003c 91.13, Firefox ESR \u003c 102.2, and Firefox \u003c 104.","modified":"2026-04-16T04:38:33.247456439Z","published":"2022-12-22T20:15:36.483Z","related":["ALSA-2022:6164","ALSA-2022:6165","ALSA-2022:6174","ALSA-2022:6175","SUSE-SU-2022:2984-1","SUSE-SU-2022:3007-1","SUSE-SU-2022:3030-1","SUSE-SU-2022:3272-1","SUSE-SU-2022:3273-1","SUSE-SU-2022:3281-1","SUSE-SU-2022:3396-1","openSUSE-SU-2024:12286-1","openSUSE-SU-2024:12287-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-33/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-34/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-35/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-36/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2022-37/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1771685"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38473.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"104.0"}]},{"events":[{"introduced":"102.0"},{"fixed":"102.2"}]},{"events":[{"introduced":"0"},{"fixed":"91.13"}]},{"events":[{"introduced":"0"},{"fixed":"91.13"}]},{"events":[{"introduced":"102.0"},{"fixed":"102.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}