CVE-2022-22749 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 45.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedDec 22

Description

When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5mozilla/firefoxunspecified — 96

▶NVDmozilla/firefox< 96.0

▶debiandebian/firefox

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-cqhv-5jmg-p8jh: When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content↗2022-12-22

▶

📋Vendor Advisories

Debian

CVE-2022-22749: firefox - When scanning QR codes, Firefox for Android would have allowed navigation to som...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-01: CVE-2022-22749↗

▶