0.001 Low
EPSS
Percentile
40.0%
firefox is vulnerable to authorized settings. The vulnerability exists due to a flaw in Mozilla which ignores the CSP’s base-uri settings and accept the injected element’s base when injecting an HTML base element.
git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-40956
bugzilla.mozilla.org/show_bug.cgi?id=1770094
www.mozilla.org/security/advisories/mfsa2022-40/
www.mozilla.org/security/advisories/mfsa2022-41/
www.mozilla.org/security/advisories/mfsa2022-42/