CVE Vulnerabilities

CVE-2022-42927

Origin Validation Error

Published: Dec 22, 2022 | Modified: Nov 21, 2024
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries(). This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.

Weakness

The product does not properly verify that the source of data or communication is valid.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 106.0 (excluding)
Firefox_esr Mozilla * 102.4 (excluding)
Thunderbird Mozilla * 102.4 (excluding)
Red Hat Enterprise Linux 7 RedHat firefox-0:102.4.0-1.el7_9 *
Red Hat Enterprise Linux 7 RedHat thunderbird-0:102.4.0-1.el7_9 *
Red Hat Enterprise Linux 8 RedHat firefox-0:102.4.0-1.el8_6 *
Red Hat Enterprise Linux 8 RedHat thunderbird-0:102.4.0-1.el8_6 *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions RedHat firefox-0:102.4.0-1.el8_1 *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions RedHat thunderbird-0:102.4.0-1.el8_1 *
Red Hat Enterprise Linux 8.2 Extended Update Support RedHat firefox-0:102.4.0-1.el8_2 *
Red Hat Enterprise Linux 8.2 Extended Update Support RedHat thunderbird-0:102.4.0-1.el8_2 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat firefox-0:102.4.0-1.el8_4 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat thunderbird-0:102.4.0-1.el8_4 *
Red Hat Enterprise Linux 9 RedHat firefox-0:102.4.0-1.el9_0 *
Red Hat Enterprise Linux 9 RedHat thunderbird-0:102.4.0-1.el9_0 *
Firefox Ubuntu bionic *
Firefox Ubuntu focal *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu xenial *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu focal *
Thunderbird Ubuntu jammy *
Thunderbird Ubuntu kinetic *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu upstream *
Thunderbird Ubuntu xenial *

References