CVE-2022-45417

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1794508	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-47/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1794508	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2022-47/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:29

Type	Values Removed	Values Added
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1794508 - Issue Tracking, Permissions Required, Vendor Advisory~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1794508 - Issue Tracking, Permissions Required, Vendor Advisory
References	~~() https://www.mozilla.org/security/advisories/mfsa2022-47/ - Vendor Advisory~~	() https://www.mozilla.org/security/advisories/mfsa2022-47/ - Vendor Advisory

Information

Published : 2022-12-22 20:15

Updated : 2024-11-21 07:29

NVD link : CVE-2022-45417

Mitre link : CVE-2022-45417

CVE.ORG link : CVE-2022-45417

JSON object : View

Products Affected

mozilla

firefox

CWE

CWE-1021

Improper Restriction of Rendered UI Layers or Frames

{"id": "CVE-2022-45417", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-12-22T20:15:44.573", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1794508", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1794508", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2022-47/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1021"}]}], "descriptions": [{"lang": "en", "value": "Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107."}, {"lang": "es", "value": "Los Service Workers no detectaron correctamente el modo de navegaci\u00f3n privada en todos los casos, lo que podr\u00eda haber provocado que los Service Workers se escribieran en el disco para los sitios web visitados en el modo de navegaci\u00f3n privada. Esto no los habr\u00eda mantenido en un estado en el que se ejecutar\u00edan nuevamente, pero habr\u00eda filtrado los detalles del modo de navegaci\u00f3n privada al disco. Esta vulnerabilidad afecta a Firefox < 107."}], "lastModified": "2024-11-21T07:29:13.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "127E4452-84FE-49E3-A2EF-9C40C43A1FA6", "versionEndExcluding": "107.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}