Vulnerability Description
Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 107.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1794508Issue TrackingPermissions RequiredVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2022-47/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1794508Issue TrackingPermissions RequiredVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2022-47/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1794508Issue TrackingPermissions RequiredVendor Advisory
FAQ
What is CVE-2022-45417?
CVE-2022-45417 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not...
How severe is CVE-2022-45417?
CVE-2022-45417 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45417?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.