CVE-2022-22750

2022-12-2220:15:16

[email protected]

web.nvd.nist.gov

firefox

vulnerability

windows

macos

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

56.0%

JSON

By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.<br>This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.. This vulnerability affects Firefox < 96.

Affected configurations

Nvd

Node

mozillafirefoxRange<96.0

AND

applemacosMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*