CVE-2022-45418: 
NixOS vulnerability analysis and mitigation

CVE-2022-45418 is a security vulnerability affecting Mozilla Firefox browsers and Thunderbird email client. The vulnerability was discovered in 2022 and involves a custom mouse cursor specified in CSS that could be drawn over the browser UI under certain circumstances. This vulnerability affected Firefox versions before 107.0, Firefox ESR versions before 102.5, and Thunderbird versions before 102.5 (Mozilla Advisory).

The vulnerability is classified as a UI layer restriction issue (CWE-1021) with a CVSS v3.1 base score of 6.1 (Medium). The technical nature of the vulnerability involves improper handling of custom mouse cursors specified through CSS, which could bypass normal UI layer restrictions. When exploited, the cursor could be rendered outside its intended boundaries and overlay critical browser interface elements (NVD).

The vulnerability could result in potential user confusion or spoofing attacks by allowing malicious websites to manipulate cursor appearance over browser UI elements. This could potentially be used in social engineering attacks where users might be misled about which elements they are interacting with (Mozilla Advisory).

The vulnerability was patched in Firefox 107.0, Firefox ESR 102.5, and Thunderbird 102.5. Users are advised to update their software to these versions or later to mitigate the risk. The fix involved improving cursor intersection detection on OOP (Out-of-Process) iframes (Mozilla Advisory).