9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.4%
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, bypass security
restrictions, obtain sensitive information, or execute arbitrary code.
(CVE-2022-0511, CVE-2022-22755, CVE-2022-22759, CVE-2022-22760,
CVE-2022-22761, CVE-2022-22764)
It was discovered that extensions of a particular type could auto-update
themselves and bypass the prompt that requests permissions. If a user
were tricked into installing a specially crafted extension, an attacker
could potentially exploit this to bypass security restrictions.
(CVE-2022-22754)
It was discovered that dragging and dropping an image into a folder could
result in it being marked as executable. If a user were tricked into
dragging and dropping a specially crafted image, an attacker could
potentially exploit this to execute arbitrary code. (CVE-2022-22756)
It was discovered that Remote Agent, used in WebDriver, did not validate
Host or Origin headers. If a user were tricked into opening a specially
crafted website with WebDriver enabled, an attacker could potentially
exploit this to connect back to the user’s browser in order to control
it. (CVE-2022-22757)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 21.10 | noarch | firefox | < 97.0+build2-0ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.10 | noarch | firefox-dbg | < 97.0+build2-0ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.10 | noarch | firefox-dev | < 97.0+build2-0ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.10 | noarch | firefox-geckodriver | < 97.0+build2-0ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.10 | noarch | firefox-locale-af | < 97.0+build2-0ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.10 | noarch | firefox-locale-an | < 97.0+build2-0ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.10 | noarch | firefox-locale-ar | < 97.0+build2-0ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.10 | noarch | firefox-locale-as | < 97.0+build2-0ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.10 | noarch | firefox-locale-ast | < 97.0+build2-0ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.10 | noarch | firefox-locale-az | < 97.0+build2-0ubuntu0.21.10.1 | UNKNOWN |
ubuntu.com/security/CVE-2022-0511
ubuntu.com/security/CVE-2022-22754
ubuntu.com/security/CVE-2022-22755
ubuntu.com/security/CVE-2022-22756
ubuntu.com/security/CVE-2022-22757
ubuntu.com/security/CVE-2022-22759
ubuntu.com/security/CVE-2022-22760
ubuntu.com/security/CVE-2022-22761
ubuntu.com/security/CVE-2022-22764
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.4%