Vulnerability identifier: #VU69327
Vulnerability risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-254
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Mozilla Firefox
Client/Desktop applications /
Web browsers
Firefox ESR
Client/Desktop applications /
Web browsers
Firefox for Android
Mobile applications /
Apps for mobile phones
Vendor: Mozilla
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling non-standard headers. Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch()
and XMLHttpRequest; however some webservers have implemented non-standard headers such as X-Http-Method-Override
that override the HTTP method, and made this attack possible again.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Mozilla Firefox: 100.0 - 106.0.5
Firefox for Android: 100.1.0 - 106.1.0
Firefox ESR: 102.0 - 102.4.0
External links
http://www.mozilla.org/en-US/security/advisories/mfsa2022-47/
http://www.mozilla.org/en-US/security/advisories/mfsa2022-48/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.