Lucene search
Ubuntu.comUB:CVE-2022-31743HistoryJun 01, 2022 - 12:00 a.m.
CVE-2022-31743
2022-06-0100:00:00
ubuntu.com
ubuntu.com
28
firefox
html parser
vulnerability
user-controlled data
incongruity
browser escape
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.6%
Firefox’s HTML parser did not correctly interpret HTML comment tags,
resulting in an incongruity with other browsers. This could have been used
to escape HTML comments on pages that put user-controlled data in them.
This vulnerability affects Firefox < 101.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
| mdeslaur | starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | firefox | < 101.0.1+build1-0ubuntu0.18.04.1 | UNKNOWN |
| ubuntu | 20.04 | noarch | firefox | < 101.0.1+build1-0ubuntu0.20.04.1 | UNKNOWN |
| ubuntu | 21.10 | noarch | firefox | < 101.0.1+build1-0ubuntu0.21.10.1 | UNKNOWN |
| ubuntu | 18.04 | noarch | mozjs38 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | mozjs52 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | mozjs52 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | mozjs68 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | mozjs78 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | mozjs91 | < any | UNKNOWN |
Related
debiancve
debiancve
CVE-2022-31743
2022-12-22 20:15:29
cvelist
cvelist
CVE-2022-31743
2022-12-22 00:00:00
alpinelinux
alpinelinux
CVE-2022-31743
2022-12-22 20:15:29
veracode
veracode
Cross-site Scripting (XSS)
2022-06-13 19:19:13
nvd
nvd
CVE-2022-31743
2022-12-22 20:15:29
prion
prion
Hardcoded credentials
2022-12-22 20:15:00
cnvd
cnvd
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-06863)
2022-06-02 00:00:00
cve
cve
CVE-2022-31743
2022-12-22 20:15:29
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5475-1)
2022-06-13 00:00:00
Mozilla Firefox < 101.0
2022-05-31 00:00:00
Mozilla Firefox < 101.0
2022-05-31 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2022-06-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5475-1)
2022-06-14 00:00:00
Mozilla Firefox Security Advisory (MFSA2022-20) - Mac OS X
2022-07-07 00:00:00
Mozilla Firefox Security Advisory (MFSA2022-20) - Linux
2022-06-01 00:00:00
kaspersky
kaspersky
KLA12545 Multiple vulnerabilities in Mozilla Firefox
2022-05-31 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 101 — Mozilla
2022-05-31 00:00:00
osv
osv
firefox vulnerabilities
2022-06-13 13:43:11
MozillaFirefox-101.0-1.1 on GA media
2024-06-15 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple Vulnerabilities
2022-08-10 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.6%
Related for UB:CVE-2022-31743