CVE-2022-45417
Published 2022-12-22
Priority: P4 · 16 · medium
CVSS 3.1: 4.3 · AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 0.41% · 32.8th percentile
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 107.0-1 (sid) | firefox 107.0-1 (sid) |
| mozilla | firefox | < 107.0 | 107.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 107.0+build2-0ubuntu0.18.04.1 | 107.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 107.0+build2-0ubuntu0.20.04.1 | 107.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 107 | 107 |
| msrc | azl3_mozjs_102.15.1-1_on_azure_linux_3.0 | — | — |
CVSS provenance
nvd · v3.1 · 4.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
osv · 8.1 HIGH
vendor_ubuntu · 8.1 HIGH
vendor_debian · 4.3 MEDIUM
vendor_msrc · 4.3 MEDIUM
Microsoft
vendor_msrc·2022-12-13·CVSS 4.3
CVE-2022-45417 [MEDIUM] CWE-1021
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.
Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why w
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2022-11-16·CVSS 8.1
CVE-2022-40674 [HIGH] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service, spoof the contents of the
addressbar, bypass security restrictions, cross-site tracing or execute
arbitrary code. (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405,
CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410,
CVE-2022-45411, CVE-2022-45413, CVE-2022-40674, CVE-2022-45418, CVE-2022-45419,
CVE-2022-45420, CVE-2022-45421)
Armin Ebert discovered that Firefox did not properly manage while resolving
file symlink. If a user were tricked into opening a specially crafted weblink,
an attac
Debian
CVE-2022-45417: firefox
vendor_debian·2022·CVSS 4.3
CVE-2022-45417 [MEDIUM]
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.
Scope: local
sid: resolved (fixed in 107.0-1)
Mozilla
Mozilla Foundation Security Advisory 2022-47: CVE-2022-45417
vendor_mozilla·CVSS 4.3
CVE-2022-45417 [MEDIUM]
Mozilla Foundation Security Advisory 2022-47
CVE: CVE-2022-45417
Product: Firefox
Impact: high
Fixed in: Firefox 107
GHSA
GHSA-284c-r484-8cqh
ghsa_unreviewed·2022-12-22
CVE-2022-45417 [MEDIUM] CWE-1021
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.
OSV
CVE-2022-45417
osv·2022-11-16·CVSS 4.3
CVE-2022-45417 [MEDIUM]
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.
OSV
firefox vulnerabilities
osv·2022-11-16·CVSS 8.1
CVE-2022-45403 [HIGH] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service, spoof the contents of the
addressbar, bypass security restrictions, cross-site tracing or execute
arbitrary code. (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405,
CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410,
CVE-2022-45411, CVE-2022-45413, CVE-2022-40674, CVE-2022-45418, CVE-2022-45419,
CVE-2022-45420, CVE-2022-45421)
Armin Ebert discovered that Firefox did not properly manage while resolving
file symlink. If a user were tricked into opening a specially crafted weblink,
an attacker could potentially exploit these to cause a denial of service
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.