CVE-2022-36315

Summary

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 103affected

Weaknesses

  • Preload Cache Bypasses Subresource Integrity

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References