Main Vulnerability Database Vulnerabilities #VU64760

#VU64760 Error Handling in Mozilla Firefox - CVE-2022-34472

Published: June 29, 2022

Vulnerability identifier: #VU64760

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-34472

CWE-ID: CWE-388

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to influence browser behavior.

The vulnerability exists due to improper error handling when processing unavailable PAC file. If a PAC URL is set and the server that hosts the PAC is unreachable, OCSP requests are blocked, resulting in incorrect error pages being shown.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/

#VU64760 Error Handling in Mozilla Firefox - CVE-2022-34472

Description

Remediation

External links

Please verify you're human