PT-2022-3335 · Mozilla+5 · Firefox+5

Gareth Heyes

Published

2022-06-28

Updated

2024-12-12

CVE-2022-34475

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 102

Description The issue is related to errors in HTML sanitization. It could allow a remote attacker to execute arbitrary code if the attacker's input is sanitized via the HTML Sanitizer API and references a same-origin JavaScript file containing the script to be executed. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For versions prior to 102, update to version 102 or later to resolve the issue. As a temporary workaround, consider restricting the use of the HTML Sanitizer API until a patch is available. Avoid using the HTML Sanitizer API to sanitize attacker input that references same-origin JavaScript files until the issue is resolved.

Exploit

Fix

XSS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-20

Related Identifiers

ALT-PU-2022-2151

ALT-PU-2022-2458

ALT-PU-2022-2929

ALT-PU-2022-2930

ALT-PU-2023-1138

ALT-PU-2023-1139

ALT-PU-2023-4336

ALT-PU-2023-4339

BDU:2022-04083

CVE-2022-34475

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2022_3396-1

OPENSUSE-SU-2024:12184-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2022:3272-1

SUSE-SU-2022:3273-1

SUSE-SU-2022:3396-1

USN-5504-1

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Suse

Ubuntu

PT-2022-3335 · Mozilla+5 · Firefox+5

CVE-2022-34475

Weakness Enumeration

Related Identifiers

Affected Products

References · 2201