Your submission was sent successfully! Close

CVE-2022-31746

Published: 14 September 2022

Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS < 102.

Notes

AuthorNote
tyhicks
mozjs contains a copy of the SpiderMonkey JavaScript engine
mdeslaur
starting with Ubuntu 22.04, the firefox package is just a script
that installs the Firefox snap
amurray
Only affects Firefox for iOS
Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(Firefox for iOS only)
focal Not vulnerable
(Firefox for iOS only)
jammy Not vulnerable
(Firefox for iOS only)
kinetic Not vulnerable
(Firefox for iOS only)
trusty Ignored
(out of standard support)
upstream Not vulnerable
(Firefox for iOS only)
xenial Not vulnerable
(Firefox for iOS only)