Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-22745

Опубликовано: 11 янв. 2022
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7firefoxFixedRHSA-2022:012412.01.2022
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2022:012712.01.2022
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2022:012912.01.2022
Red Hat Enterprise Linux 8firefoxFixedRHSA-2022:013012.01.2022
Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsfirefoxFixedRHSA-2022:012512.01.2022
Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsthunderbirdFixedRHSA-2022:013112.01.2022
Red Hat Enterprise Linux 8.2 Extended Update SupportthunderbirdFixedRHSA-2022:012312.01.2022
Red Hat Enterprise Linux 8.2 Extended Update SupportfirefoxFixedRHSA-2022:013212.01.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-829
https://bugzilla.redhat.com/show_bug.cgi?id=2039570Mozilla: Leaking cross-origin URLs through securitypolicyviolation event

EPSS

Процентиль: 40%
0.00179
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-22745

CVSS3: 6.5
ubuntu
больше 2 лет назад

Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

nvd логотип

CVE-2022-22745

CVSS3: 6.5
nvd
больше 2 лет назад

Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

debian логотип

CVE-2022-22745

CVSS3: 6.5
debian
больше 2 лет назад

Securitypolicyviolation events could have leaked cross-origin informat ...

github логотип

GHSA-jqvp-m2qw-c439

CVSS3: 6.5
github
больше 2 лет назад

Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

fstec логотип

BDU:2022-00296

CVSS3: 4.3
fstec
больше 3 лет назад

Уязвимость компонента securitypolicyviolation почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю получить доступ к конфиденциальной информации

EPSS

Процентиль: 40%
0.00179
Низкий

6.1 Medium

CVSS3