CVE-2022-34477 — Observable Discrepancy in Mozilla Firefox

CWE-203 — Observable Discrepancy7 documents6 sources

Severity

7.5HIGHNVD

OSV8.8

EPSS

0.4%

top 42.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedDec 22

Description

The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/firefox< firefox 102.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 102

▶NVDmozilla/firefox< 102.0

▶Ubuntumozilla/firefox< 102.0+build2-0ubuntu0.18.04.1+1

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-hc2g-x3vc-qhj4: The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin r↗2022-12-22

▶

OSV

firefox vulnerabilities↗2022-07-05

▶

OSV

CVE-2022-34477: The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin r↗2022-07-05

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2022-07-05

▶

Debian

CVE-2022-34477: firefox - The MediaError message property should be consistent to avoid leaking informatio...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-24: CVE-2022-34477↗

▶