CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
78.0%
Multiple security issues were discovered in Firefox. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service, spoof the contents of the
addressbar, bypass security restrictions, cross-site tracing or execute
arbitrary code. (CVE-2022-45403, CVE-2022-45404, CVE-2022-45405,
CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410,
CVE-2022-45411, CVE-2022-45413, CVE-2022-40674, CVE-2022-45418, CVE-2022-45419,
CVE-2022-45420, CVE-2022-45421)
Armin Ebert discovered that Firefox did not properly manage while resolving
file symlink. If a user were tricked into opening a specially crafted weblink,
an attacker could potentially exploit these to cause a denial of service.
(CVE-2022-45412)
Jefferson Scher and Jayateertha Guruprasad discovered that Firefox did not
properly sanitize the HTML download file extension under certain circumstances.
If a user were tricked into downloading and executing malicious content, a
remote attacker could execute arbitrary code with the privileges of the user
invoking the programs. (CVE-2022-45415)
Erik Kraft, Martin Schwarzl, and Andrew McCreight discovered that Firefox
incorrectly handled keyboard events. An attacker could possibly use this
issue to perform a timing side-channel attack and possibly figure out which
keys are being pressed. (CVE-2022-45416)
Kagami discovered that Firefox did not detect Private Browsing Mode correctly.
An attacker could possibly use this issue to obtain sensitive information about
Private Browsing Mode.
(CVE-2022-45417)
ubuntu.com/security/CVE-2022-40674
ubuntu.com/security/CVE-2022-45403
ubuntu.com/security/CVE-2022-45404
ubuntu.com/security/CVE-2022-45405
ubuntu.com/security/CVE-2022-45406
ubuntu.com/security/CVE-2022-45407
ubuntu.com/security/CVE-2022-45408
ubuntu.com/security/CVE-2022-45409
ubuntu.com/security/CVE-2022-45410
ubuntu.com/security/CVE-2022-45411
ubuntu.com/security/CVE-2022-45412
ubuntu.com/security/CVE-2022-45413
ubuntu.com/security/CVE-2022-45415
ubuntu.com/security/CVE-2022-45416
ubuntu.com/security/CVE-2022-45417
ubuntu.com/security/CVE-2022-45418
ubuntu.com/security/CVE-2022-45419
ubuntu.com/security/CVE-2022-45420
ubuntu.com/security/CVE-2022-45421
ubuntu.com/security/notices/USN-5726-1