Main Vulnerability Database Vulnerabilities #VU69332

#VU69332 Information disclosure in Mozilla Firefox and Firefox for Android - CVE-2022-45417

Published: November 15, 2022

Vulnerability identifier: #VU69332

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-45417

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Service Workers do not detect Private Browsing Mode correctly in all cases, resulting in data being written to disk for websites visited in Private Browsing Mode. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/