CVE-2022-34472 — Improper Check or Handling of Exceptional Conditions in Mozilla Firefox
Severity
4.3MEDIUMNVD
OSV8.8OSV6.5
EPSS
0.5%
top 36.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 22
Description
If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages9 packages
🔴Vulnerability Details
5OSV▶
CVE-2022-34472: If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pa↗2022-12-22
CVEList▶
CVE-2022-34472: If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pa↗2022-12-22
GHSA▶
GHSA-cvqq-hjjc-jrc6: If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pa↗2022-12-22
📋Vendor Advisories
7Debian▶
CVE-2022-34472: firefox - If there was a PAC URL set and the server that hosts the PAC was not reachable, ...↗2022