CVE-2022-46873

Summary

Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 108affected

Weaknesses

  • Firefox did not implement the CSP directive unsafe-hashes

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References