Rapid7

vulnerability

Red Hat: CVE-2022-45418: CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI (Multiple Advisories)

Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Nov 21, 2022
Added
Nov 22, 2022
Modified
Jun 12, 2026

Description

The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks.

Solutions

redhat-upgrade-firefoxredhat-upgrade-firefox-debuginforedhat-upgrade-firefox-debugsourceredhat-upgrade-thunderbirdredhat-upgrade-thunderbird-debuginforedhat-upgrade-thunderbird-debugsource

References

    Title
    Rapid7 Labs

    2026 Global Threat Landscape Report

    The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.