CVE-2022-45420: 
NixOS vulnerability analysis and mitigation

CVE-2022-45420 is a security vulnerability discovered in Mozilla Firefox that affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. The vulnerability was discovered by Suhwan Song of SNU CompSec Lab and was disclosed on November 15, 2022. The issue allows an attacker to manipulate iframe contents to render outside their intended boundaries (Mozilla Advisory, NVD).

The vulnerability occurs when using tables inside an iframe, where an attacker could cause iframe contents to be rendered outside the boundaries of the iframe. The issue has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. The vulnerability is classified as CWE-1021 (Improper Restriction of Rendered UI Layers or Frames) (NVD).

The vulnerability could result in potential user confusion or spoofing attacks by allowing malicious iframe content to be displayed outside its intended boundaries. This could enable attackers to manipulate the visual presentation of web content in ways that could deceive users (Mozilla Advisory).

The vulnerability was fixed in Firefox 107, Firefox ESR 102.5, and Thunderbird 102.5. Users are advised to update their software to these versions or later to mitigate the vulnerability. The fix involves setting clip on background items for table cols and colgroups when the table row, rowgroup or table has captured clip (Mozilla Bug).