CVE-2022-34477 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 49%

Affected Products (NVD)

Vendor	Product	Version
mozilla	firefox	𝑥 < 102.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

firefox

sid	132.0.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

firefox

bionic	Fixed 102.0+build2-0ubuntu0.18.04.1 released
focal	Fixed 102.0+build2-0ubuntu0.20.04.1 released
impish	Fixed 102.0+build2-0ubuntu0.21.10.1 released
jammy	not-affected
kinetic	not-affected
lunar	not-affected
trusty	dne
xenial	dne

openSUSE / SLES Releases

openSUSE Product

Release

MozillaFirefox

suse enterprise desktop 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP7	102.3.0-150200.152.61.1 fixed
suse enterprise sap 12 SP5	102.2.0-112.130.1 fixed
suse enterprise sap 15	102.2.0-150000.150.56.1 fixed
suse enterprise sap 15 SP1	102.2.0-150000.150.56.1 fixed
suse enterprise sap 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP7	102.3.0-150200.152.61.1 fixed
suse enterprise server 12 SP2	102.2.0-112.130.1 fixed
suse enterprise server 12 SP3	102.2.0-112.130.1 fixed
suse enterprise server 12 SP4	102.2.0-112.130.1 fixed
suse enterprise server 12 SP5	102.2.0-112.130.1 fixed
suse enterprise server 15	102.2.0-150000.150.56.1 fixed
suse enterprise server 15 SP1	102.2.0-150000.150.56.1 fixed
suse enterprise server 15 SP2	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP7	102.3.0-150200.152.61.1 fixed

MozillaFirefox-branding-SLE-102

suse enterprise desktop 15 SP3	150200.9.10.1 fixed
suse enterprise desktop 15 SP4	150200.9.10.1 fixed
suse enterprise desktop 15 SP5	150200.9.10.1 fixed
suse enterprise desktop 15 SP6	150200.9.10.1 fixed
suse enterprise desktop 15 SP7	150200.9.10.1 fixed
suse enterprise sap 12 SP5	35.9.1 fixed
suse enterprise sap 15	150000.4.22.1 fixed
suse enterprise sap 15 SP1	150000.4.22.1 fixed
suse enterprise sap 15 SP3	150200.9.10.1 fixed
suse enterprise sap 15 SP4	150200.9.10.1 fixed
suse enterprise sap 15 SP5	150200.9.10.1 fixed
suse enterprise sap 15 SP6	150200.9.10.1 fixed
suse enterprise sap 15 SP7	150200.9.10.1 fixed
suse enterprise server 12 SP2	35.9.1 fixed
suse enterprise server 12 SP3	35.9.1 fixed
suse enterprise server 12 SP4	35.9.1 fixed
suse enterprise server 12 SP5	35.9.1 fixed
suse enterprise server 15	150000.4.22.1 fixed
suse enterprise server 15 SP1	150000.4.22.1 fixed
suse enterprise server 15 SP2	150200.9.10.1 fixed
suse enterprise server 15 SP3	150200.9.10.1 fixed
suse enterprise server 15 SP4	150200.9.10.1 fixed
suse enterprise server 15 SP5	150200.9.10.1 fixed
suse enterprise server 15 SP6	150200.9.10.1 fixed
suse enterprise server 15 SP7	150200.9.10.1 fixed

MozillaFirefox-devel

suse enterprise desktop 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP7	102.3.0-150200.152.61.1 fixed
suse enterprise sap 12 SP5	102.2.0-112.130.1 fixed
suse enterprise sap 15	102.2.0-150000.150.56.1 fixed
suse enterprise sap 15 SP1	102.2.0-150000.150.56.1 fixed
suse enterprise sap 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP7	102.3.0-150200.152.61.1 fixed
suse enterprise server 12 SP2	102.2.0-112.130.1 fixed
suse enterprise server 12 SP3	102.2.0-112.130.1 fixed
suse enterprise server 12 SP4	102.2.0-112.130.1 fixed
suse enterprise server 12 SP5	102.2.0-112.130.1 fixed
suse enterprise server 15	102.2.0-150000.150.56.1 fixed
suse enterprise server 15 SP1	102.2.0-150000.150.56.1 fixed
suse enterprise server 15 SP2	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP7	102.3.0-150200.152.61.1 fixed

MozillaFirefox-translations-common

suse enterprise desktop 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP7	102.3.0-150200.152.61.1 fixed
suse enterprise sap 12 SP5	102.2.0-112.130.1 fixed
suse enterprise sap 15	102.2.0-150000.150.56.1 fixed
suse enterprise sap 15 SP1	102.2.0-150000.150.56.1 fixed
suse enterprise sap 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP7	102.3.0-150200.152.61.1 fixed
suse enterprise server 12 SP2	102.2.0-112.130.1 fixed
suse enterprise server 12 SP3	102.2.0-112.130.1 fixed
suse enterprise server 12 SP4	102.2.0-112.130.1 fixed
suse enterprise server 12 SP5	102.2.0-112.130.1 fixed
suse enterprise server 15	102.2.0-150000.150.56.1 fixed
suse enterprise server 15 SP1	102.2.0-150000.150.56.1 fixed
suse enterprise server 15 SP2	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP7	102.3.0-150200.152.61.1 fixed

MozillaFirefox-translations-other

suse enterprise desktop 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise desktop 15 SP7	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15	102.2.0-150000.150.56.1 fixed
suse enterprise sap 15 SP1	102.2.0-150000.150.56.1 fixed
suse enterprise sap 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise sap 15 SP7	102.3.0-150200.152.61.1 fixed
suse enterprise server 15	102.2.0-150000.150.56.1 fixed
suse enterprise server 15 SP1	102.2.0-150000.150.56.1 fixed
suse enterprise server 15 SP2	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP3	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP4	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP5	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP6	102.3.0-150200.152.61.1 fixed
suse enterprise server 15 SP7	102.3.0-150200.152.61.1 fixed

Common Weakness Enumeration

CWE-203 - Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1731614

https://www.mozilla.org/security/advisories/mfsa2022-24/

https://bugzilla.mozilla.org/show_bug.cgi?id=1731614

https://www.mozilla.org/security/advisories/mfsa2022-24/

https://bugzilla.mozilla.org/show_bug.cgi?id=1731614