Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2022-AVI-590
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 91.11 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 102 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 91.11 | ||
| Mozilla | Firefox | Firefox versions antérieures à 102 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 91.11",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 102",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 91.11",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 102",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-34484",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34484"
},
{
"name": "CVE-2022-2200",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2200"
},
{
"name": "CVE-2022-34473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34473"
},
{
"name": "CVE-2022-2226",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2226"
},
{
"name": "CVE-2022-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34480"
},
{
"name": "CVE-2022-34474",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34474"
},
{
"name": "CVE-2022-34479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34479"
},
{
"name": "CVE-2022-34483",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34483"
},
{
"name": "CVE-2022-34470",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34470"
},
{
"name": "CVE-2022-31744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31744"
},
{
"name": "CVE-2022-34471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34471"
},
{
"name": "CVE-2022-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34477"
},
{
"name": "CVE-2022-34475",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34475"
},
{
"name": "CVE-2022-34468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34468"
},
{
"name": "CVE-2022-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34478"
},
{
"name": "CVE-2022-34482",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34482"
},
{
"name": "CVE-2022-34481",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34481"
},
{
"name": "CVE-2022-34485",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34485"
},
{
"name": "CVE-2022-34476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34476"
},
{
"name": "CVE-2022-34472",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34472"
},
{
"name": "CVE-2022-34469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34469"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-590",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-29T00:00:00.000000"
},
{
"description": "Ajout d\u0027un syst\u00e8me affect\u00e9",
"revision_date": "2022-06-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-26 du 28 juin 2022",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-25 du 28 juin 2022",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-24 du 28 juin 2022",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/"
}
]
}
CVE-2022-2200 (GCVE-0-2022-2200)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 15:03
VLAI
EPSS
Summary
If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Severity
8.8 (High)
CWE
- Undesired attributes could be set as part of prototype pollution
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 102
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 91.11
(custom)
|
|
| Mozilla | Thunderbird |
Affected:
unspecified , < 102
(custom)
Affected: unspecified , < 91.11 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1771381"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T15:02:52.347485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T15:03:42.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox \u003c 102, Firefox ESR \u003c 91.11, Thunderbird \u003c 102, and Thunderbird \u003c 91.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Undesired attributes could be set as part of prototype pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1771381"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-2200",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-06-24T00:00:00.000Z",
"dateUpdated": "2025-04-15T15:03:42.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2226 (GCVE-0-2022-2226)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 15:01
VLAI
EPSS
Summary
An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.
Severity
6.5 (Medium)
CWE
- An email with a mismatching OpenPGP signature date was accepted as valid
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 102
(custom)
Affected: unspecified , < 91.11 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1775441"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2226",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T15:00:48.251530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T15:01:41.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email\u0027s date will be shown. If the dates were different, then Thunderbird didn\u0027t report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature\u0027s date roughly matches the displayed date of the email. This vulnerability affects Thunderbird \u003c 102 and Thunderbird \u003c 91.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An email with a mismatching OpenPGP signature date was accepted as valid",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1775441"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-2226",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2025-04-15T15:01:41.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31744 (GCVE-0-2022-31744)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 18:29
VLAI
EPSS
Summary
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
Severity
6.5 (Medium)
CWE
- CSP bypass enabling stylesheet injection
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 91.11
(custom)
|
|
| Mozilla | Thunderbird |
Affected:
unspecified , < 102
(custom)
Affected: unspecified , < 91.11 (custom) |
|
| Mozilla | Firefox |
Affected:
unspecified , < 101
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-20/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1757604"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-31744",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:28:40.813434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:29:18.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1757604"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "101",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page\u0027s Content Security Policy. This vulnerability affects Firefox ESR \u003c 91.11, Thunderbird \u003c 102, Thunderbird \u003c 91.11, and Firefox \u003c 101."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSP bypass enabling stylesheet injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-20/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1757604"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-31744",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-05-26T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:29:18.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34468 (GCVE-0-2022-34468)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 18:20
VLAI
EPSS
Summary
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Severity
8.8 (High)
CWE
- CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 102
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 91.11
(custom)
|
|
| Mozilla | Thunderbird |
Affected:
unspecified , < 102
(custom)
Affected: unspecified , < 91.11 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1768537"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34468",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:20:14.014573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:20:18.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1768537"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An iframe that was not permitted to run scripts could do so if the user clicked on a \u003ccode\u003ejavascript:\u003c/code\u003e link. This vulnerability affects Firefox \u003c 102, Firefox ESR \u003c 91.11, Thunderbird \u003c 102, and Thunderbird \u003c 91.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1768537"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-34468",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-06-24T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:20:18.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34469 (GCVE-0-2022-34469)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 18:18
VLAI
EPSS
Summary
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102.
Severity
8.8 (High)
CWE
- TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1721220"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34469",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:18:21.042932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:18:24.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1721220"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. \u003cbr\u003e*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 102."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "TLS certificate errors on HSTS-protected domains could be bypassed by the user on Firefox for Android",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1721220"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-34469",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-06-24T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:18:24.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34470 (GCVE-0-2022-34470)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 18:51
VLAI
EPSS
Summary
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Severity
9.8 (Critical)
CWE
- Use-after-free in nsSHistory
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 102
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 91.11
(custom)
|
|
| Mozilla | Thunderbird |
Affected:
unspecified , < 102
(custom)
Affected: unspecified , < 91.11 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1765951"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34470",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:51:07.135220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:51:11.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1765951"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox \u003c 102, Firefox ESR \u003c 91.11, Thunderbird \u003c 102, and Thunderbird \u003c 91.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free in nsSHistory",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1765951"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-34470",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-06-24T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:51:11.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34471 (GCVE-0-2022-34471)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 18:48
VLAI
EPSS
Summary
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102.
Severity
6.5 (Medium)
CWE
- Compromised server could trick a browser into an addon downgrade
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1766047"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:48:29.939294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:48:58.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When downloading an update for an addon, the downloaded addon update\u0027s version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox \u003c 102."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Compromised server could trick a browser into an addon downgrade",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1766047"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-34471",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-06-24T00:00:00.000Z",
"dateUpdated": "2025-04-15T18:48:58.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34472 (GCVE-0-2022-34472)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 19:41
VLAI
EPSS
Summary
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Severity
4.3 (Medium)
CWE
- Unavailable PAC file resulted in OCSP requests being blocked
Assigner
References
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 102
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 91.11
(custom)
|
|
| Mozilla | Thunderbird |
Affected:
unspecified , < 102
(custom)
Affected: unspecified , < 91.11 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770123"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T19:41:27.799667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T19:41:32.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "91.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox \u003c 102, Firefox ESR \u003c 91.11, Thunderbird \u003c 102, and Thunderbird \u003c 91.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unavailable PAC file resulted in OCSP requests being blocked",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-26/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-25/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770123"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-34472",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-06-24T00:00:00.000Z",
"dateUpdated": "2025-04-15T19:41:32.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34473 (GCVE-0-2022-34473)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 19:32
VLAI
EPSS
Summary
The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. This vulnerability affects Firefox < 102.
Severity
6.1 (Medium)
CWE
- HTML Sanitizer could have been bypassed via use tags
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770888"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T19:32:28.759345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T19:32:51.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HTML Sanitizer should have sanitized the \u003ccode\u003ehref\u003c/code\u003e attribute of SVG \u003ccode\u003e\u0026lt;use\u0026gt;\u003c/code\u003e tags; however it incorrectly did not sanitize \u003ccode\u003exlink:href\u003c/code\u003e attributes. This vulnerability affects Firefox \u003c 102."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTML Sanitizer could have been bypassed via use tags",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1770888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-34473",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-06-24T00:00:00.000Z",
"dateUpdated": "2025-04-15T19:32:51.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34474 (GCVE-0-2022-34474)
Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 19:31
VLAI
EPSS
Summary
Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.
Severity
6.1 (Medium)
CWE
- Sandboxed iframes could redirect to external schemes
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:15.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677138"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T19:31:13.470236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T19:31:19.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Even when an iframe was sandboxed with \u003ccode\u003eallow-top-navigation-by-user-activation\u003c/code\u003e, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox \u003c 102."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sandboxed iframes could redirect to external schemes",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-22T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2022-24/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1677138"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2022-34474",
"datePublished": "2022-12-22T00:00:00.000Z",
"dateReserved": "2022-06-24T00:00:00.000Z",
"dateUpdated": "2025-04-15T19:31:19.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…