CVE-2022-34474

Summary

Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 102affected

Weaknesses

  • Sandboxed iframes could redirect to external schemes

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References