CVE-2022-45417
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 107 | affected |
Weaknesses
- Service Workers in Private Browsing Mode may have been written to disk
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2022-47/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1794508
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://www.mozilla.org/security/advisories/mfsa2022-47/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1794508
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.