CVE-2022-45417
published 2022-12-22

Priority: P416
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 0.41% (32.8th percentile)

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 107.0-1 (sid) | firefox 107.0-1 (sid) |
| mozilla | firefox | < 107.0 | 107.0 |
| mozilla | firefox | | |
| mozilla | firefox | >= 0 < 107.0+build2-0ubuntu0.18.04.1 | 107.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 107.0+build2-0ubuntu0.20.04.1 | 107.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 107 | 107 |
| msrc | azl3_mozjs_102.15.1-1_on_azure_linux_3.0 | | |

CVSS provenance

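| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| osv | | 8.1 | HIGH | |
| vendor_ubuntu | | 8.1 | HIGH | |
| vendor_debian | | 4.3 | MEDIUM | |
| vendor_msrc | | 4.3 | MEDIUM | |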