CVE-2022-28283

Summary

The sourceMapURL feature in devtools was missing security checks that would have allowed a webpage to attempt to include local files or other files that should have been inaccessible. This vulnerability affects Firefox < 99.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 99affected

Weaknesses

  • Missing security checks for fetching sourceMapURL

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References