PT-2020-6892 · Mozilla+4 · Firefox+4

Pete Freitag · Published 2020-06-10 · Updated 2025-04-18 · CVE-2022-46873

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 108

Description

The issue stems from an insufficient implementation of the unsafe-hashes CSP directive in Firefox. An attacker who can inject markup into a page protected by a Content Security Policy could potentially inject executable script, although this would be constrained by the Content Security Policy specified for the document. The vulnerability may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations

Update Firefox versions prior to 108 to a version that includes the fix for this issue to prevent potential exploitation. As a temporary workaround, consider restricting the use of the Content Security Policy to minimize the risk of exploitation, and avoid using the unsafe-hashes directive in the Content Security Policy until the issue is resolved.

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2022-3356
ALT-PU-2023-1043
ALT-PU-2023-5754
ALT-PU-2023-6436
ALT-PU-2024-3614
BDU:2023-04816
CVE-2022-46873
OESA-2025-1422
OESA-2025-1423
OPENSUSE-SU-2024:12577-1
OPENSUSE-SU-2024:14572-1
USN-5782-1
USN-5782-2
USN-5782-3

Affected Products

Alt Linux
Astra Linux
Firefox
Linuxmint
Ubuntu