CVE-2022-46873
EUVD-2022-4965322.12.2022, 20:15
Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 108.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||||
| mozjs38 |
| ||||||||||||||||||
| mozjs52 |
| ||||||||||||||||||
| mozjs68 |
| ||||||||||||||||||
| mozjs78 |
| ||||||||||||||||||
| mozjs91 |
| ||||||||||||||||||
| thunderbird |
|
References