Risk | High |
Patch available | YES |
Number of vulnerabilities | 14 |
CVE-ID | CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 |
CWE-ID | CWE-254 CWE-416 CWE-122 CWE-1021 CWE-787 CWE-78 CWE-200 CWE-20 CWE-451 CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
SUSE Linux Enterprise Server for SAP Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system SUSE CaaS Platform Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system MozillaFirefox-translations-other Operating systems & Components / Operating system package or component MozillaFirefox-translations-common Operating systems & Components / Operating system package or component MozillaFirefox-devel Operating systems & Components / Operating system package or component MozillaFirefox-debugsource Operating systems & Components / Operating system package or component MozillaFirefox-debuginfo Operating systems & Components / Operating system package or component MozillaFirefox Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
EUVDB-ID: #VU59373
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4140
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in iframe sandbox implementation when processing XSLT markup. A remote attacker can bypass iframe sandbox and execute arbitrary JavaScript code in context of arbitrary window.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59372
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22737
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59371
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22738
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in blendGaussianBlur when applying CSS filter. A remote attacker can trick the victim to open a specially crafted web page, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59381
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22739
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to missing throttling on external protocol launch dialog. A malicious websites can trick users into accepting launching a program to handle an external URL protocol.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59370
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22740
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in ChannelEventQueue::mOwner when releasing a network request handle. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59369
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22741
CWE-ID:
CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error resizing a popup while requesting fullscreen access. A remote attacker can
trick the victim to open a specially crafted web page, and make the
browser unable to leave fullscreen mode.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59368
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22742
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input, when inserting text while in edit mode. A remote attacker can create a specially crafted website, trick the victim into opening it and insert specially crafted input in the edit mode, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59367
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22743
CWE-ID:
CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error when navigating from inside an iframe while requesting fullscreen access. A remote attacker can trick the victim to open a specially crafted web page, and make the browser unable to leave fullscreen mode.
Successful exploitation of the vulnerability may allow an attacker to perform spoofing attack.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59378
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22744
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the "Copy as curl" feature in DevTools. A remote attacker can trick the victim to cope a specially crafted link and execute arbitrary commands on the system, if copied data is pasted into a Powershell prompt.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59377
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22745
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to Securitypolicyviolation events leak cross-origin information for frame-ancestors violations. A remote attacker can gain access to sensitive data.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59366
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22746
CWE-ID:
CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to a race condition when calling reportValidity. A remote attacker can trick the victim to open a specially crafted web page and bypass the fullscreen notification, which can lead to spoofing attack.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59379
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22747
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of empty pkcs7 sequence, passed as part of the certificate data. A remote attacker can pass specially crafted certificate to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59376
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22748
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59382
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22751
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP1 - 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
MozillaFirefox-translations-other: before 91.5.0-150.15.1
MozillaFirefox-translations-common: before 91.5.0-150.15.1
MozillaFirefox-devel: before 91.5.0-150.15.1
MozillaFirefox-debugsource: before 91.5.0-150.15.1
MozillaFirefox-debuginfo: before 91.5.0-150.15.1
MozillaFirefox: before 91.5.0-150.15.1
CPE2.3http://www.suse.com/support/update/announcement/2022/suse-su-20220137-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.