Main Vulnerability Database Vulnerabilities #VU69326

#VU69326 Security features bypass in Mozilla products - CVE-2022-45410

Published: November 15, 2022

Vulnerability identifier: #VU69326

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-45410

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox ESR
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling ServiceWorker-intercepted requests. When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/
https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/

#VU69326 Security features bypass in Mozilla products - CVE-2022-45410

Description

Remediation

External links

Please verify you're human