Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-34475
HistoryDec 22, 2022 - 8:15 p.m.

CVE-2022-34475

2022-12-2220:15:32
Debian Security Bug Tracker
security-tracker.debian.org
27
svg vulnerability
script execution
html sanitizer api
firefox 102
same-origin document
javascript file

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.2%

SVG <code><use></code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects Firefox < 102.

OSVersionArchitecturePackageVersionFilename
Debian999allfirefox< 102.0-1firefox_102.0-1_all.deb

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.2%