CVE-2022-40956

Public on 2022-11-29

Modified on 2024-02-07

Description

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when injecting an HTML base element; some requests would ignore the CSP's base-uri settings and accept the injected element's base instead.

Severity

Medium

See what this means

CVSS v3 Base Score

6.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Firefox Extra	firefox	2023-08-21 21:01	ALAS2FIREFOX-2023-010
Amazon Linux 2 - Core	thunderbird	2022-12-01 20:32	ALAS2-2022-1900

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD	CVSSv3	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

Red Hat: CVE-2022-40956 Mitre: CVE-2022-40956 FAQs regarding Amazon Linux ALAS/CVE Severity