CVE-2022-22761 – Mozilla: frame-ancestors Content Security Policy directive was not enforced for framed extension pages
https://notcve.org/view.php?id=CVE-2022-22761
Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Las páginas de extensión accesibles desde la web (páginas con un esquema moz-extension://) no aplicaban correctamente la directiva frame-ancestors cuando se usaba en la Política de seguridad de contenido de la extensión web. Esta vulnerabilidad afecta a Firefox < 97, Thunderbird < 91.6 y Firefox ESR < 91.6. The Mozilla Foundation Security Advisory describes this flaw as: Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1745566 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22761 https://bugzilla.redhat.com/show_bug.cgi?id=2053239 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2022-22759 – Mozilla: Sandboxed iframes could have executed script if the parent appended elements
https://notcve.org/view.php?id=CVE-2022-22759
If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Si un documento creó un iframe en la sandboxed sin <code>allow-scripts</code> y posteriormente agregó un elemento al documento del iframe que, por ejemplo, tenía un controlador de eventos JavaScript, el controlador de eventos se habría ejecutado a pesar de la sandbox del iframe. Esta vulnerabilidad afecta a Firefox < 97, Thunderbird < 91.6 y Firefox ESR < 91.6. The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1739957 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22759 https://bugzilla.redhat.com/show_bug.cgi?id=2053242 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2022-22754 – Mozilla: Extensions could have bypassed permission confirmation during update
https://notcve.org/view.php?id=CVE-2022-22754
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Si un usuario instaló una extensión de un tipo particular, la extensión podría haberse actualizado automáticamente y, al hacerlo, omitir el mensaje que otorga a la nueva versión los nuevos permisos solicitados. Esta vulnerabilidad afecta a Firefox < 97, Thunderbird < 91.6 y Firefox ESR < 91.6. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1750565 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22754 https://bugzilla.redhat.com/show_bug.cgi?id=2053236 • CWE-863: Incorrect Authorization CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2022-22763 – Mozilla: Script Execution during invalid object state
https://notcve.org/view.php?id=CVE-2022-22763
When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6. Cuando se apaga un trabajador, era posible hacer que el script se ejecutara tarde en el ciclo de vida, en un punto posterior al que no debería ser posible. Esta vulnerabilidad afecta a Firefox < 96, Thunderbird< 91.6 y Firefox ESR < 91.6. The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible. • https://bugzilla.mozilla.org/show_bug.cgi?id=1740534 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22763 https://bugzilla.redhat.com/show_bug.cgi?id=2053240 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-22760 – Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types
https://notcve.org/view.php?id=CVE-2022-22760
When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. Al importar recursos utilizando Web Workers, los mensajes de error distinguirían la diferencia entre respuestas <code>application/javascript</code> y respuestas sin script. Se podría haber abusado de esto para aprender información de origen cruzado. • https://bugzilla.mozilla.org/show_bug.cgi?id=1740985 https://bugzilla.mozilla.org/show_bug.cgi?id=1748503 https://www.mozilla.org/security/advisories/mfsa2022-04 https://www.mozilla.org/security/advisories/mfsa2022-05 https://www.mozilla.org/security/advisories/mfsa2022-06 https://access.redhat.com/security/cve/CVE-2022-22760 https://bugzilla.redhat.com/show_bug.cgi?id=2053238 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-829: Inclusion of Functionality from Untrusted Control Sphere •