cbcvebase.
CVE-2022-22757
published 2022-12-22

CVE-2022-22757: Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to…

PriorityP429medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
EPSS
0.23%
14.1th percentile
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. *This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 97.0-1 (sid)firefox 97.0-1 (sid)
mozillafirefox< 97.097.0
mozillafirefox
mozillafirefox>= 0 < 97.0+build2-0ubuntu0.18.04.197.0+build2-0ubuntu0.18.04.1
mozillafirefox>= 0 < 97.0+build2-0ubuntu0.20.04.197.0+build2-0ubuntu0.20.04.1
mozillafirefox>= 0 < 97.0+build2-0ubuntu197.0+build2-0ubuntu1
mozillafirefox>= unspecified < 9797

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv8.8HIGH
vendor_ubuntu8.8HIGH
vendor_debian6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.