Vulnerability-Lookup

CVE-2022-40958 (GCVE-0-2022-40958)

Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-15 14:55

Summary

By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

Bypassing Secure Context restriction for cookies with __Host and __Secure prefix

Assigner

mozilla

References

4 references

URL	Tags
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://bugzilla.mozilla.org/show_bug.cgi?id=1779993

Impacted products

3 products

Vendor	Product	Version
Mozilla	Firefox ESR	Affected: unspecified , < 102.3 (custom)
Mozilla	Thunderbird	Affected: unspecified , < 102.3 (custom)
Mozilla	Firefox	Affected: unspecified , < 105 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:28:42.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-40/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-41/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-42/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1779993"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-40958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T14:54:50.182199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-74",
                "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T14:55:52.463Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "102.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "102.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "105",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bypassing Secure Context restriction for cookies with __Host and __Secure prefix",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-22T00:00:00.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-40/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-41/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-42/"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1779993"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2022-40958",
    "datePublished": "2022-12-22T00:00:00.000Z",
    "dateReserved": "2022-09-19T00:00:00.000Z",
    "dateUpdated": "2025-04-15T14:55:52.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-40958",
      "date": "2026-05-20",
      "epss": "0.00371",
      "percentile": "0.59028"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"105.0\", \"matchCriteriaId\": \"B117A240-56A6-4045-93C4-09722ED3A3B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"102.3\", \"matchCriteriaId\": \"D7DB7A5C-E118-4ABD-AE52-33AAA899B36D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"102.3\", \"matchCriteriaId\": \"E9DE429C-DF44-4398-8358-16F6126599E0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.\"}, {\"lang\": \"es\", \"value\": \"Al inyectar una cookie con ciertos caracteres especiales, un atacante en un subdominio compartido que no es un contexto seguro podr\\u00eda establecer y, por lo tanto, sobrescribir cookies desde un contexto seguro, lo que provocar\\u00eda la fijaci\\u00f3n de sesiones y otros ataques. Esta vulnerabilidad afecta a Firefox ESR \u0026lt; 102.3, Thunderbird \u0026lt; 102.3 y Firefox \u0026lt; 105.\"}]",
      "id": "CVE-2022-40958",
      "lastModified": "2024-11-21T07:22:18.197",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2022-12-22T20:15:39.080",
      "references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1779993\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-40/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-41/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-42/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1779993\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-40/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-41/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-42/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-74\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-40958\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2022-12-22T20:15:39.080\",\"lastModified\":\"2025-04-15T15:15:59.087\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.\"},{\"lang\":\"es\",\"value\":\"Al inyectar una cookie con ciertos caracteres especiales, un atacante en un subdominio compartido que no es un contexto seguro podr\u00eda establecer y, por lo tanto, sobrescribir cookies desde un contexto seguro, lo que provocar\u00eda la fijaci\u00f3n de sesiones y otros ataques. Esta vulnerabilidad afecta a Firefox ESR \u0026lt; 102.3, Thunderbird \u0026lt; 102.3 y Firefox \u0026lt; 105.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"105.0\",\"matchCriteriaId\":\"B117A240-56A6-4045-93C4-09722ED3A3B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.3\",\"matchCriteriaId\":\"D7DB7A5C-E118-4ABD-AE52-33AAA899B36D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.3\",\"matchCriteriaId\":\"E9DE429C-DF44-4398-8358-16F6126599E0\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1779993\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-40/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-41/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-42/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1779993\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-40/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-41/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2022-42/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-40/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-41/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-42/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1779993\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:28:42.952Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-40958\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-15T14:54:50.182199Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-74\", \"description\": \"CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-15T14:55:14.195Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"102.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"102.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"105\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-40/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-41/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2022-42/\"}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1779993\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Bypassing Secure Context restriction for cookies with __Host and __Secure prefix\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2022-12-22T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-40958\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-15T14:55:52.463Z\", \"dateReserved\": \"2022-09-19T00:00:00.000Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2022-12-22T00:00:00.000Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-844

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox et Firefox ESR. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox ESR	Mozilla Firefox ESR versions antérieures à 102.3
	Mozilla	Firefox ESR	Mozilla Firefox versions antérieures à 105

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2022-41 du 20 septembre 2022	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2022-40 du 20 septembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Firefox ESR versions ant\u00e9rieures \u00e0 102.3",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 105",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n",
  "cves": [
    {
      "name": "CVE-2022-40962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40962"
    },
    {
      "name": "CVE-2022-40961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40961"
    },
    {
      "name": "CVE-2022-40956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40956"
    },
    {
      "name": "CVE-2022-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40958"
    },
    {
      "name": "CVE-2022-40959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40959"
    },
    {
      "name": "CVE-2022-40960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40960"
    },
    {
      "name": "CVE-2022-40957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40957"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-844",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox et\nFirefox ESR. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox et Firefox ESR",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-41 du 20 septembre 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-40 du 20 septembre 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/"
    }
  ]
}

CERTFR-2022-AVI-849

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 102.3

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2022-42 du 20 sept. 2022	None	vendor-advisory
Bulletin de sécurité Mozilla du 20 sept. 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 102.3",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-40962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40962"
    },
    {
      "name": "CVE-2022-40956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40956"
    },
    {
      "name": "CVE-2022-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40958"
    },
    {
      "name": "CVE-2022-3155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3155"
    },
    {
      "name": "CVE-2022-40959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40959"
    },
    {
      "name": "CVE-2022-40960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40960"
    },
    {
      "name": "CVE-2022-40957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40957"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 20 sept. 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/"
    }
  ],
  "reference": "CERTFR-2022-AVI-849",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-42 du 20 sept. 2022",
      "url": null
    }
  ]
}

CERTFR-2022-AVI-844

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox ESR	Mozilla Firefox ESR versions antérieures à 102.3
	Mozilla	Firefox ESR	Mozilla Firefox versions antérieures à 105

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2022-41 du 20 septembre 2022	None	vendor-advisory
Bulletin de sécurité Mozilla mfsa2022-40 du 20 septembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Firefox ESR versions ant\u00e9rieures \u00e0 102.3",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla Firefox versions ant\u00e9rieures \u00e0 105",
      "product": {
        "name": "Firefox ESR",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n",
  "cves": [
    {
      "name": "CVE-2022-40962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40962"
    },
    {
      "name": "CVE-2022-40961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40961"
    },
    {
      "name": "CVE-2022-40956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40956"
    },
    {
      "name": "CVE-2022-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40958"
    },
    {
      "name": "CVE-2022-40959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40959"
    },
    {
      "name": "CVE-2022-40960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40960"
    },
    {
      "name": "CVE-2022-40957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40957"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-844",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox et\nFirefox ESR. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox et Firefox ESR",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-41 du 20 septembre 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-40 du 20 septembre 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/"
    }
  ]
}

CERTFR-2022-AVI-849

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Thunderbird versions antérieures à 102.3

References

Title

Publication Time

Tags

Bulletin de sécurité Mozilla mfsa2022-42 du 20 sept. 2022	None	vendor-advisory
Bulletin de sécurité Mozilla du 20 sept. 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Thunderbird versions ant\u00e9rieures \u00e0 102.3",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-40962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40962"
    },
    {
      "name": "CVE-2022-40956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40956"
    },
    {
      "name": "CVE-2022-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40958"
    },
    {
      "name": "CVE-2022-3155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3155"
    },
    {
      "name": "CVE-2022-40959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40959"
    },
    {
      "name": "CVE-2022-40960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40960"
    },
    {
      "name": "CVE-2022-40957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40957"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 20 sept. 2022",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/"
    }
  ],
  "reference": "CERTFR-2022-AVI-849",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMozilla\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2022-42 du 20 sept. 2022",
      "url": null
    }
  ]
}

alsa-2022:6700

Vulnerability from osv_almalinux

Published

2022-09-26 00:00

Modified

2022-10-14 15:17

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)
Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)
Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)
Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)
Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)
Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2022:6700	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-40956	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40957	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40958	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40959	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40960	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40962	REPORT
	https://bugzilla.redhat.com/2128792	REPORT
	https://bugzilla.redhat.com/2128793	REPORT
	https://bugzilla.redhat.com/2128794	REPORT
	https://bugzilla.redhat.com/2128795	REPORT
	https://bugzilla.redhat.com/2128796	REPORT
	https://bugzilla.redhat.com/2128797	REPORT
	https://errata.almalinux.org/9/ALSA-2022-6700.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.3.0-6.el9_0.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.3.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)\n* Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)\n* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)\n* Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)\n* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)\n* Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2022:6700",
  "modified": "2022-10-14T15:17:20Z",
  "published": "2022-09-26T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:6700"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40956"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40957"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40958"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40959"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40960"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40962"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128792"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128794"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128795"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128796"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128797"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2022-6700.html"
    }
  ],
  "related": [
    "CVE-2022-40959",
    "CVE-2022-40960",
    "CVE-2022-40962",
    "CVE-2022-40958",
    "CVE-2022-40956",
    "CVE-2022-40957"
  ],
  "summary": "Important: firefox security update"
}

alsa-2022:6702

Vulnerability from osv_almalinux

Published

2022-09-26 00:00

Modified

2022-10-14 14:48

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)
Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)
Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)
Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)
Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)
Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2022:6702	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-40956	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40957	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40958	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40959	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40960	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40962	REPORT
	https://bugzilla.redhat.com/2128792	REPORT
	https://bugzilla.redhat.com/2128793	REPORT
	https://bugzilla.redhat.com/2128794	REPORT
	https://bugzilla.redhat.com/2128795	REPORT
	https://bugzilla.redhat.com/2128796	REPORT
	https://bugzilla.redhat.com/2128797	REPORT
	https://errata.almalinux.org/8/ALSA-2022-6702.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.3.0-6.el8_6.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.3.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)\n* Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)\n* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)\n* Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)\n* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)\n* Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2022:6702",
  "modified": "2022-10-14T14:48:59Z",
  "published": "2022-09-26T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:6702"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40956"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40957"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40958"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40959"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40960"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40962"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128792"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128794"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128795"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128796"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128797"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-6702.html"
    }
  ],
  "related": [
    "CVE-2022-40959",
    "CVE-2022-40960",
    "CVE-2022-40962",
    "CVE-2022-40958",
    "CVE-2022-40956",
    "CVE-2022-40957"
  ],
  "summary": "Important: firefox security update"
}

alsa-2022:6708

Vulnerability from osv_almalinux

Published

2022-09-26 00:00

Modified

2022-10-14 15:08

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag (CVE-2022-3033)
Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)
Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)
Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked (CVE-2022-3032)
Mozilla: An iframe element in an HTML email could trigger a network request (CVE-2022-3034)
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2022-36059)
Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)
Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)
Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2022:6708	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-3032	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3033	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3034	REPORT
	https://access.redhat.com/security/cve/CVE-2022-36059	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40956	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40957	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40958	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40959	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40960	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40962	REPORT
	https://bugzilla.redhat.com/2123255	REPORT
	https://bugzilla.redhat.com/2123256	REPORT
	https://bugzilla.redhat.com/2123257	REPORT
	https://bugzilla.redhat.com/2123258	REPORT
	https://bugzilla.redhat.com/2128792	REPORT
	https://bugzilla.redhat.com/2128793	REPORT
	https://bugzilla.redhat.com/2128794	REPORT
	https://bugzilla.redhat.com/2128795	REPORT
	https://bugzilla.redhat.com/2128796	REPORT
	https://bugzilla.redhat.com/2128797	REPORT
	https://errata.almalinux.org/8/ALSA-2022-6708.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.3.0-3.el8_6.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.3.0.\n\nSecurity Fix(es):\n\n* Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag (CVE-2022-3033)\n* Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)\n* Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)\n* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)\n* Mozilla: Remote content specified in an HTML document that was nested inside an iframe\u0027s srcdoc attribute was not blocked (CVE-2022-3032)\n* Mozilla: An iframe element in an HTML email could trigger a network request (CVE-2022-3034)\n* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2022-36059)\n* Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)\n* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)\n* Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2022:6708",
  "modified": "2022-10-14T15:08:36Z",
  "published": "2022-09-26T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:6708"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3032"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3033"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3034"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36059"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40956"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40957"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40958"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40959"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40960"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40962"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123255"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123256"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123257"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123258"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128792"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128794"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128795"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128796"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128797"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-6708.html"
    }
  ],
  "related": [
    "CVE-2022-3033",
    "CVE-2022-40959",
    "CVE-2022-40960",
    "CVE-2022-40962",
    "CVE-2022-3032",
    "CVE-2022-3034",
    "CVE-2022-36059",
    "CVE-2022-40958",
    "CVE-2022-40956",
    "CVE-2022-40957"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2022:6717

Vulnerability from osv_almalinux

Published

2022-09-26 00:00

Modified

2022-10-19 07:24

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.3.0.

Security Fix(es):

Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag (CVE-2022-3033)
Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)
Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)
Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)
Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked (CVE-2022-3032)
Mozilla: An iframe element in an HTML email could trigger a network request (CVE-2022-3034)
Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2022-36059)
Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)
Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)
Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2022:6717	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-3032	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3033	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3034	REPORT
	https://access.redhat.com/security/cve/CVE-2022-36059	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40956	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40957	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40958	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40959	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40960	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40962	REPORT
	https://bugzilla.redhat.com/2123255	REPORT
	https://bugzilla.redhat.com/2123256	REPORT
	https://bugzilla.redhat.com/2123257	REPORT
	https://bugzilla.redhat.com/2123258	REPORT
	https://bugzilla.redhat.com/2128792	REPORT
	https://bugzilla.redhat.com/2128793	REPORT
	https://bugzilla.redhat.com/2128794	REPORT
	https://bugzilla.redhat.com/2128795	REPORT
	https://bugzilla.redhat.com/2128796	REPORT
	https://bugzilla.redhat.com/2128797	REPORT
	https://errata.almalinux.org/9/ALSA-2022-6717.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "102.3.0-3.el9_0.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.3.0.\n\nSecurity Fix(es):\n\n* Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag (CVE-2022-3033)\n* Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)\n* Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)\n* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)\n* Mozilla: Remote content specified in an HTML document that was nested inside an iframe\u0027s srcdoc attribute was not blocked (CVE-2022-3032)\n* Mozilla: An iframe element in an HTML email could trigger a network request (CVE-2022-3034)\n* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2022-36059)\n* Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)\n* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)\n* Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2022:6717",
  "modified": "2022-10-19T07:24:33Z",
  "published": "2022-09-26T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:6717"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3032"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3033"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3034"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36059"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40956"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40957"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40958"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40959"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40960"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40962"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123255"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123256"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123257"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123258"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128792"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128794"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128795"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128796"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2128797"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2022-6717.html"
    }
  ],
  "related": [
    "CVE-2022-3033",
    "CVE-2022-40959",
    "CVE-2022-40960",
    "CVE-2022-40962",
    "CVE-2022-3032",
    "CVE-2022-3034",
    "CVE-2022-36059",
    "CVE-2022-40958",
    "CVE-2022-40956",
    "CVE-2022-40957"
  ],
  "summary": "Important: thunderbird security update"
}

FKIE_CVE-2022-40958

Vulnerability from fkie_nvd - Published: 2022-12-22 20:15 - Updated: 2025-04-15 15:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1779993	Issue Tracking, Permissions Required
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2022-40/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2022-41/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2022-42/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=1779993	Issue Tracking, Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2022-40/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2022-41/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.mozilla.org/security/advisories/mfsa2022-42/	Vendor Advisory

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox_esr	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B117A240-56A6-4045-93C4-09722ED3A3B8",
              "versionEndExcluding": "105.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7DB7A5C-E118-4ABD-AE52-33AAA899B36D",
              "versionEndExcluding": "102.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DE429C-DF44-4398-8358-16F6126599E0",
              "versionEndExcluding": "102.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105."
    },
    {
      "lang": "es",
      "value": "Al inyectar una cookie con ciertos caracteres especiales, un atacante en un subdominio compartido que no es un contexto seguro podr\u00eda establecer y, por lo tanto, sobrescribir cookies desde un contexto seguro, lo que provocar\u00eda la fijaci\u00f3n de sesiones y otros ataques. Esta vulnerabilidad afecta a Firefox ESR \u0026lt; 102.3, Thunderbird \u0026lt; 102.3 y Firefox \u0026lt; 105."
    }
  ],
  "id": "CVE-2022-40958",
  "lastModified": "2025-04-15T15:15:59.087",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-22T20:15:39.080",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1779993"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-40/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-41/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-42/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1779993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-40/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-41/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-42/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-7MXJ-29P2-6G84

Vulnerability from github – Published: 2022-12-22 21:30 – Updated: 2025-04-15 15:30

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-40958"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-22T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR \u003c 102.3, Thunderbird \u003c 102.3, and Firefox \u003c 105.",
  "id": "GHSA-7mxj-29p2-6g84",
  "modified": "2025-04-15T15:30:35Z",
  "published": "2022-12-22T21:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40958"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1779993"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-40"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-41"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2022-42"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-40958 (GCVE-0-2022-40958)

Solution

Contournement provisoire

Solution

Solution

Contournement provisoire

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature