CVE-2022-34474

2022-12-2220:15:32

Alpine Linux Development Team

security.alpinelinux.org

cve-2022-34474

iframe sandboxed

redirect vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.4%

JSON

Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchfirefox< 102.0-r0UNKNOWN
Alpineedge-communitynoarchlibrewolf< 102.0-r0UNKNOWN
Alpine3.17-communitynoarchfirefox< 102.0-r0UNKNOWN
Alpine3.18-communitynoarchfirefox< 102.0-r0UNKNOWN
Alpine3.19-communitynoarchfirefox< 102.0-r0UNKNOWN
Alpine3.20-communitynoarchfirefox< 102.0-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	firefox	< 102.0-r0	UNKNOWN
Alpine	edge-community	noarch	librewolf	< 102.0-r0	UNKNOWN
Alpine	3.17-community	noarch	firefox	< 102.0-r0	UNKNOWN
Alpine	3.18-community	noarch	firefox	< 102.0-r0	UNKNOWN
Alpine	3.19-community	noarch	firefox	< 102.0-r0	UNKNOWN
Alpine	3.20-community	noarch	firefox	< 102.0-r0	UNKNOWN