#VU69327 Cross-site tracing


Published: 2022-11-15

Vulnerability identifier: #VU69327

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45411

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mozilla Firefox
Client/Desktop applications / Web browsers
Firefox ESR
Client/Desktop applications / Web browsers
Firefox for Android
Mobile applications / Apps for mobile phones

Vendor: Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling non-standard headers. Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequest; however some webservers have implemented non-standard headers such as X-Http-Method-Override that override the HTTP method, and made this attack possible again.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mozilla Firefox: 100.0 - 106.0.5

Firefox for Android: 100.1.0 - 106.1.0

Firefox ESR: 102.0 - 102.4.0


External links
http://www.mozilla.org/en-US/security/advisories/mfsa2022-47/
http://www.mozilla.org/en-US/security/advisories/mfsa2022-48/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability