CVE-2022-31743

Summary

Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox < 101.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 101affected

Weaknesses

  • HTML Parsing incorrectly ended HTML comments prematurely

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References