cnvd - cnvd-2023-16359

cnvd-2023-16359

Vulnerability from cnvd

Title: Mozilla Firefox和Thunderbird拒绝服务漏洞

Description:

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。

Mozilla Firefox 106之前版本、Firefox ESR 102.4之前版本和Thunderbird 102.4之前版本存在拒绝服务漏洞。攻击者可利用该漏洞导致浏览器拒绝服务。

Severity: 高

Formal description:

Mozilla已经为此发布了一个安全公告（2022-44）以及相应补丁:2022-44：Mozilla Foundation Security Advisory 2022-44链接： https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-42929

Impacted products

Name
['Mozilla Thunderbird <102.4', 'mozilla Mozilla Firefox <106', 'mozilla Mozilla Firefox ESR <102.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-42929",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-42929"
    }
  },
  "description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox 106\u4e4b\u524d\u7248\u672c\u3001Firefox ESR 102.4\u4e4b\u524d\u7248\u672c\u548cThunderbird 102.4\u4e4b\u524d\u7248\u672c\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6d4f\u89c8\u5668\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "Mozilla\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff082022-44\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:2022-44\uff1aMozilla Foundation Security Advisory 2022-44\u94fe\u63a5\uff1a\r\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-44/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-16359",
  "openTime": "2023-03-06",
  "products": {
    "product": [
      "Mozilla Thunderbird \u003c102.4",
      "mozilla Mozilla Firefox \u003c106",
      "mozilla Mozilla Firefox ESR \u003c102.4"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-42929",
  "serverity": "\u9ad8",
  "submitTime": "2023-02-19",
  "title": "Mozilla Firefox\u548cThunderbird\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2022-42929 (GCVE-0-2022-42929)

Vulnerability from cvelistv5

Published

2022-12-22 00:00

Modified

2025-04-15 15:32

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

Denial of Service via window.print

Summary

If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.

References

▼	URL	Tags
	https://bugzilla.mozilla.org/show_bug.cgi?id=1789439
	https://www.mozilla.org/security/advisories/mfsa2022-44/
	https://www.mozilla.org/security/advisories/mfsa2022-45/
	https://www.mozilla.org/security/advisories/mfsa2022-46/

Impacted products

Vendor

Product

Version

▼

Mozilla

Firefox

Version: unspecified < 106

	Mozilla	Firefox ESR	Version: unspecified < 102.4
	Mozilla	Thunderbird	Version: unspecified < 102.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1789439"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-44/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-45/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2022-46/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-42929",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T15:32:51.646379Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T15:32:55.455Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "106",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "102.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "102.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrei Enache"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "If a website called \u003ccode\u003ewindow.print()\u003c/code\u003e in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user\u0027s session restore settings. This vulnerability affects Firefox \u003c 106, Firefox ESR \u003c 102.4, and Thunderbird \u003c 102.4."
            }
          ],
          "value": "If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user\u0027s session restore settings. This vulnerability affects Firefox \u003c 106, Firefox ESR \u003c 102.4, and Thunderbird \u003c 102.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service via window.print",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-13T10:36:47.776Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1789439"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-44/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-45/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2022-46/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2022-42929",
    "datePublished": "2022-12-22T00:00:00.000Z",
    "dateReserved": "2022-10-14T00:00:00.000Z",
    "dateUpdated": "2025-04-15T15:32:55.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted