PT-2022-3948 · Mozilla+1 · Firefox+2

Irwan

Published

2022-07-26

Updated

2024-12-12

CVE-2022-36317

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 103 Firefox for Android versions prior to 103

Description The issue exists due to insufficient input validation. Exploitation can allow a remote attacker to cause a denial of service by visiting a website with an overly long URL, potentially causing the user interface to hang. This could lead to a permanent denial of service due to session restore. The issue only affects Firefox for Android, with other operating systems being unaffected.

Recommendations For Firefox versions prior to 103, update to version 103 or later to resolve the issue. For Firefox for Android versions prior to 103, update to version 103 or later to resolve the issue. As a temporary workaround, consider avoiding websites with overly long URLs until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2022-2306

ALT-PU-2022-2930

ALT-PU-2023-1139

ALT-PU-2023-4339

ALT-PU-2023-5754

ALT-PU-2023-6436

BDU:2022-04778

CVE-2022-36317

OPENSUSE-SU-2024:12227-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Firefox

Firefox For Android

PT-2022-3948 · Mozilla+1 · Firefox+2

CVE-2022-36317

Weakness Enumeration

Related Identifiers

Affected Products

References · 1869