Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-40959

Опубликовано: 22 дек. 2022
Источник: debian
EPSS Низкий

Описание

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed105.0-1package
firefox-esrfixed102.3.0esr-1package
thunderbirdfixed1:102.3.0-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40959

  • https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40959

  • https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40959

EPSS

Процентиль: 30%
0.00106
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-40959

CVSS3: 6.5
ubuntu
больше 2 лет назад

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

redhat логотип

CVE-2022-40959

CVSS3: 7.5
redhat
почти 3 года назад

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

nvd логотип

CVE-2022-40959

CVSS3: 6.5
nvd
больше 2 лет назад

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

github логотип

GHSA-pc7h-fmrf-pp2j

CVSS3: 6.5
github
больше 2 лет назад

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.

fstec логотип

BDU:2022-06253

CVSS3: 7.5
fstec
почти 3 года назад

Уязвимость реализации механизма FeaturePolicy браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничения безопасности

EPSS

Процентиль: 30%
0.00106
Низкий