Main Vulnerability Database Vulnerabilities #VU59375

Input validation error in Firefox for Android - CVE-2022-22749

Published: January 11, 2022

Vulnerability identifier: #VU59375

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-22749

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Firefox for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of QR codes. When scanning QR codes, Firefox for Android allows navigation to some URLs that do not point to web content.

How to mitigate CVE-2022-22749

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/

Input validation error in Firefox for Android - CVE-2022-22749

Detailed vulnerability description

How to mitigate CVE-2022-22749

Sources

Please verify you're human