CVE Vulnerability

CVE-2022-45417

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.mozilla.org/security/advisories/mfsa2022-47/ Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1794508 Issue Tracking Permissions Required
Configurations

Configuration 1

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Information

Published : 2022-12-22 08:15

Updated : 2023-01-04 07:42

NVD link : CVE-2022-45417

Mitre link : CVE-2022-45417

Products Affected
No products.
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames