PT-2022-3322 · Mozilla+5 · Firefox+5

Jannis

·

Published

2022-06-28

·

Updated

2024-12-12

·

CVE-2022-34477

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 102
Description The issue is related to insufficient protection of internal data in the MediaError message property of Mozilla Firefox. This could allow a remote attacker to execute arbitrary code. The problem arises because the MediaError message property may leak information about cross-origin resources, potentially enabling XS-Leaks attacks for same-site cross-origin resources.
Recommendations For versions prior to 102, update to version 102 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of XS-Leaks attacks until the update is applied.

Exploit

Fix

Information Disclosure

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-203

Related Identifiers

ALT-PU-2022-2151
ALT-PU-2022-2458
ALT-PU-2022-2929
ALT-PU-2022-2930
ALT-PU-2023-1138
ALT-PU-2023-1139
ALT-PU-2023-4336
ALT-PU-2023-4339
BDU:2022-04070
CVE-2022-34477
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2022_3396-1
OPENSUSE-SU-2024:12184-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2022:3272-1
SUSE-SU-2022:3273-1
SUSE-SU-2022:3396-1
USN-5504-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Firefox
Suse
Ubuntu