PT-2022-3820 · Mozilla+4 · Firefox+4

Gijs

Published

2022-04-05

Updated

2024-12-12

CVE-2022-28283

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 99

Description The sourceMapURL feature in devtools was missing security checks, allowing a webpage to attempt to include local files or other files that should have been inaccessible. This issue is related to errors in security settings and could allow a remote attacker to disclose protected information.

Recommendations For versions prior to 99, update to version 99 or later to resolve the issue. As a temporary workaround, consider restricting access to the sourceMapURL feature in devtools until a patch is available.

Exploit

Fix

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254CWE-552

Related Identifiers

ALT-PU-2022-1642

ALT-PU-2022-2458

ALT-PU-2022-2929

ALT-PU-2022-2930

ALT-PU-2023-1138

ALT-PU-2023-1139

ALT-PU-2023-4336

ALT-PU-2023-4339

BDU:2022-04618

CVE-2022-28283

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2024:11975-1

OPENSUSE-SU-2024:14572-1

USN-5370-1

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2022-3820 · Mozilla+4 · Firefox+4

CVE-2022-28283

Weakness Enumeration

Related Identifiers

Affected Products

References · 2186