CVE-2022-45417: UI Misrepresentation / Clickjacking in Mozilla Firefox

Severity: 4.3 MEDIUM (NVD), 8.1 (OSV)
EPSS: 0.1% (top 65.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 22

Description

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (6 packages)

debian | debian/firefox | < firefox 107.0-1 (sid)
CVEListV5 | mozilla/firefox | unspecified | 107
NVD | mozilla/firefox | < 107.0
Ubuntu | mozilla/firefox | < 107.0+build2-0ubuntu0.18.04.1+1
mozilla | mozilla/firefox

🔴 Vulnerability Details (3)

GHSA (2022-12-22): GHSA-284c-r484-8cqh: Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for website
OSV (2022-11-16): CVE-2022-45417: Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for website
OSV (2022-11-16): firefox vulnerabilities

📋 Vendor Advisories (4)

Microsoft (2022-12-13): Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not
Ubuntu (2022-11-16): Firefox vulnerabilities
Debian (2022): CVE-2022-45417: firefox - Service Workers did not detect Private Browsing Mode correctly in all cases, whi...
Mozilla: Mozilla Foundation Security Advisory 2022-47: CVE-2022-45417