CVE-2022-28283
Published 2022-12-22
CVE-2022-28283: The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should…
Priority P4 · 30 · medium · 6.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:N
EPSS: 0.57% (43.1th percentile)
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 99.0-1 (sid) | firefox 99.0-1 (sid) |
| libnested_project | libnested | >= 0 < 1.5.2 | 1.5.2 |
| mozilla | firefox | < 99.0 | 99.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 99.0+build2-0ubuntu0.18.04.2 | 99.0+build2-0ubuntu0.18.04.2 |
| mozilla | firefox | >= 0 < 99.0+build2-0ubuntu0.20.04.2 | 99.0+build2-0ubuntu0.20.04.2 |
| mozilla | firefox | >= 0 < 1:1snap1-0ubuntu1 | 1:1snap1-0ubuntu1 |
| mozilla | firefox | >= unspecified < 99 | 99 |
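CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| ghsa | — | 9.8 | CRITICAL | — |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_ubuntu | — | 6.5 | MEDIUM | — |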
GHSA
GHSA-vcmf-vf48-7jqp: The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files th
ghsa_unreviewed·2022-12-22
CVE-2022-28283 [MEDIUM] CWE-552 GHSA-vcmf-vf48-7jqp: The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files th
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.
OSV
firefox vulnerabilities
osv·2022-04-07·CVSS 6.5
CVE-2022-1097 [MEDIUM] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, execute script
unexpectedly, obtain sensitive information, conduct spoofing attacks,
or execute arbitrary code. (CVE-2022-1097, CVE-2022-24713, CVE-2022-28281,
CVE-2022-28282, CVE-2022-28284, CVE-2022-28285, CVE-2022-28286,
CVE-2022-28288, CVE-2022-28289)
A security issue was discovered with the sourceMapURL feature of devtools.
An attacker could potentially exploit this to include local files that
should have been inaccessible. (CVE-2022-28283)
It was discovered that selecting text caused Firefox to crash in some
circumstances. An attacker could potentially exploit this to
OSV
CVE-2022-28283: The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files th
osv·2022-04-07·CVSS 6.5
CVE-2022-28283 [MEDIUM] CVE-2022-28283: The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files th
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.
GHSA
Prototype Pollution in libnested
ghsa·2022-03-18·CVSS 9.8
CVE-2022-25352 [CRITICAL] CWE-1321 Prototype Pollution in libnested
The package libnested before 1.5.2 is vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930).
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2022-04-07·CVSS 6.5
CVE-2022-1097 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, execute script
unexpectedly, obtain sensitive information, conduct spoofing attacks,
or execute arbitrary code. (CVE-2022-1097, CVE-2022-24713, CVE-2022-28281,
CVE-2022-28282, CVE-2022-28284, CVE-2022-28285, CVE-2022-28286,
CVE-2022-28288, CVE-2022-28289)
A security issue was discovered with the sourceMapURL feature of devtools.
An attacker could potentially exploit this to include local files that
should have been inaccessible. (CVE-2022-28283)
It was discovered t
Debian
CVE-2022-28283: firefox - The sourceMapURL feature in devtools was missing security checks that would have...
vendor_debian·2022·CVSS 6.5
CVE-2022-28283 [MEDIUM] CVE-2022-28283: firefox - The sourceMapURL feature in devtools was missing security checks that would have...
The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.
Scope: local
sid: resolved (fixed in 99.0-1)
Mozilla
Mozilla Foundation Security Advisory 2022-13: CVE-2022-28283
vendor_mozilla·CVSS 6.5
CVE-2022-28283 [MEDIUM] Mozilla Foundation Security Advisory 2022-13: CVE-2022-28283
Mozilla Foundation Security Advisory 2022-13
CVE: CVE-2022-28283
Product: Firefox
Impact: moderate
Fixed in: Firefox 99
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.