Resource management error in Mozilla Firefox

#VU65798 Resource management error in Mozilla Firefox

Published: 2022-07-26

Vulnerability identifier: #VU65798

Vulnerability risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36315

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mozilla Firefox
Client/Desktop applications / Web browsers

Vendor: Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the cache preload. When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 100.0 - 102.0.1

External links
http://www.mozilla.org/en-US/security/advisories/mfsa2022-28/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Mozilla Firefox

Ubuntu update for firefox

Multiple vulnerabilities in Mozilla Firefox and Firefox ESR