Rewterz Threat Advisory – CVE-2022-2226 – Mozilla Thunderbird Vulnerability
June 30, 2022
Rewterz Threat Alert – HawkEye Infostealer – Active IOCs
June 30, 2022
Severity
Medium
Analysis Summary
CVE-2022-34473 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the failure to sanitize xlink:href attributes. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability through SVG <use> tags to bypass the HTML Sanitizer.
CVE-2022-34475 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially crafted website, a remote attacker could exploit this vulnerability by referencing a same-origin script through SVG <use> tags to bypass the HTML Sanitizer API.
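The attribute gap described for the two <use> tag issues above can be modelled as follows; this is an added example, not Firefox or Mozilla code and not part of the original advisory. The element shape, the function names and the fragment-only reference policy are assumptions made for illustration.

```javascript
// Added illustration, not Firefox code. Elements are modelled as plain
// objects: { tag, attrs: { name: value }, children: [] } (assumed shape).

// Attribute names that can carry a reference on an SVG <use> element.
const USE_LINK_ATTRS = new Set(["href", "xlink:href"]);

// Weak variant: models the gap described above by checking only the
// plain `href` attribute and overlooking `xlink:href`.
function sanitizeUseWeak(node) {
  return rewrite(node, (name) => name === "href");
}

// Hardened variant: treats both spellings as links, compares names
// case-insensitively, and keeps only same-document fragment references.
function sanitizeUseHardened(node) {
  return rewrite(node, (name) => USE_LINK_ATTRS.has(name.toLowerCase()));
}

// A reference is kept only if it is a bare fragment such as "#icon".
function isLocalFragment(value) {
  return /^#[A-Za-z_][\w.-]*$/.test(String(value).trim());
}

// Returns a sanitized deep copy; the input tree is not modified.
function rewrite(node, isLinkAttr) {
  const isUse = node.tag.toLowerCase() === "use";
  const attrs = {};
  for (const [name, value] of Object.entries(node.attrs || {})) {
    if (isUse && isLinkAttr(name) && !isLocalFragment(value)) continue;
    attrs[name] = value;
  }
  const children = (node.children || []).map((c) => rewrite(c, isLinkAttr));
  return { tag: node.tag, attrs, children };
}

// Constructed sample input: one external reference per attribute spelling,
// plus a same-document reference that should survive sanitization.
const sample = {
  tag: "svg", attrs: {}, children: [
    { tag: "use", attrs: { href: "https://example.invalid/a.svg#x" }, children: [] },
    { tag: "use", attrs: { "xlink:href": "https://example.invalid/b.svg#x" }, children: [] },
    { tag: "use", attrs: { "XLink:Href": "#icon", width: "16" }, children: [] },
  ],
};

const weak = sanitizeUseWeak(sample);
const hardened = sanitizeUseHardened(sample);
console.log(JSON.stringify({ weak, hardened }, null, 2));
```

The weak variant strips the `href` reference but returns the `xlink:href` one unchanged, while the hardened variant removes both external references and keeps the `#icon` fragment.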
CVE-2022-34477 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by a leak in the MediaError message property. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information.
Impact
Information Disclosure
Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-34473
- CVE-2022-34475
- CVE-2022-34477
Affected Vendors
- Mozilla
Affected Products
Mozilla Firefox 101
Remediation
Refer to the Mozilla Foundation Security Advisory for patch, upgrade, or suggested workaround information.