PT-2022-3313 · Mozilla+5 · Firefox+5

Armin Ebert

Published

2022-06-28

Updated

2024-12-12

CVE-2022-34473

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 102

Description The issue is related to errors in HTML sanitization. It may allow a remote attacker to compromise the integrity of protected information. The HTML Sanitizer incorrectly failed to sanitize xlink:href attributes of SVG <use> tags.

Recommendations For versions prior to 102, update to version 102 or later to resolve the issue. As a temporary workaround, consider restricting the use of SVG <use> tags with xlink:href attributes until a patch is available.

Exploit

Fix

XSS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-20

Related Identifiers

ALT-PU-2022-2151

ALT-PU-2022-2458

ALT-PU-2022-2929

ALT-PU-2022-2930

ALT-PU-2023-1138

ALT-PU-2023-1139

ALT-PU-2023-4336

ALT-PU-2023-4339

BDU:2022-04061

CVE-2022-34473

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2022_3396-1

OPENSUSE-SU-2024:12184-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2022:3272-1

SUSE-SU-2022:3273-1

SUSE-SU-2022:3396-1

USN-5504-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Firefox

Suse

Ubuntu

PT-2022-3313 · Mozilla+5 · Firefox+5

CVE-2022-34473

Weakness Enumeration

Related Identifiers

Affected Products

References · 2201