Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-31744

Опубликовано: 28 июн. 2022
Источник: redhat
CVSS3: 6.1

Описание

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7firefoxFixedRHSA-2022:547901.07.2022
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2022:548001.07.2022
Red Hat Enterprise Linux 8firefoxFixedRHSA-2022:546930.06.2022
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2022:547030.06.2022
Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsfirefoxFixedRHSA-2022:547730.06.2022
Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsthunderbirdFixedRHSA-2022:547830.06.2022
Red Hat Enterprise Linux 8.2 Extended Update SupportfirefoxFixedRHSA-2022:547401.07.2022
Red Hat Enterprise Linux 8.2 Extended Update SupportthunderbirdFixedRHSA-2022:547501.07.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2102165Mozilla: CSP bypass enabling stylesheet injection

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-31744

CVSS3: 6.5
ubuntu
больше 2 лет назад

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.

nvd логотип

CVE-2022-31744

CVSS3: 6.5
nvd
больше 2 лет назад

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.

debian логотип

CVE-2022-31744

CVSS3: 6.5
debian
больше 2 лет назад

An attacker could have injected CSS into stylesheets accessible via in ...

github логотип

GHSA-p5h8-cwcq-q5g2

CVSS3: 6.5
github
больше 2 лет назад

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.

fstec логотип

BDU:2022-04243

CVSS3: 6.1
fstec
почти 3 года назад

Уязвимость почтового клиента Thunderbird, браузера Firefox ESR, связанная с ошибкой при обработке таблиц стилей CSS, доступных через внутренние URI, как «ресурс:», позволяющая нарушителю обойти реализованную политику безопасности содержимого

6.1 Medium

CVSS3