CVE-2022-36317

2022-12-2220:15:35

mozilla

web.nvd.nist.gov

cve-2022-36317

firefox

denial of service

security vulnerability

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

When visiting a website with an overly long URL, the user interface would start to hang. Due to session restore, this could lead to a permanent Denial of Service.<br>This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 103.

Affected configurations

Nvd

Vulners

Node

mozillafirefoxRange<103.0

AND

googleandroidMatch-

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
google	android	-	cpe:2.3:o:google:android:-:::::::*

CNA Affected

[
  {
    "vendor": "Mozilla",
    "product": "Firefox",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "103",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]